If you haven’t done so, please read the previous article Facebook Privacy and Security Settings: An Overview
Now, on to the Security Settings…
NOTE: You can click on the screen grabs to get a larger view. They will open in a new window or tab, simply close the new window or tab to return to the article rather than hitting the Back button on your browser.
- Go to your timeline (click on your name in the blue bar at the very top)
- Click "Privacy shortcuts" (the little padlock icon)
- From the bottom of the list, click "See More Settings"
From the left-hand menu, click "Security"
UPDATE: This section has been removed from the Security Settings. Without going into any technical details, when you’re on any website where you need to log in and/or share personal information, check the URL (the web address) and make sure it starts with "https" and not "http". If the start of the URL doesn’t have the "s" then it is not a secure network and your information could be stolen by someone on the same network, especially if you are using a wifi (wireless) connection. Personally, I’ve never had my information compromised on a non-secure network even over wifi, but if it’s a risk you don’t want to take then don’t go to any websites that require you to login (like Facebook) when the "s" is missing from the URL.
If anyone (including you) logs into your Facebook account from a computer or device that has not been used to login before, Facebook can notify you by text, e-mail or both. As you login from different devices, you will be asked if you want to name and save the device so that it becomes "recognized". This way, if someone who is not you logs into your account then presumably they are using their own device and it would be "unrecognized" so you would get a notification that something fishy is gong on. If you get a text that says, "Login from unrecognized device" and you’re not actually on Facebook, then you know someone is accessing your account from somewhere else. You can then see information about the session and terminate it from the "Active Sessions" section (see further down).
This is an extremely secure feature, here’s how it works: You login to Facebook from a device the is not "recognized" (in other words, you have not used this computer/phone/tablet to login before), Facebook sends a text message to your phone with a code that has to be entered berfore you can login. Advantage: No one can login to your Facebook without your e-mail, password and your phone unlocked and in their hands at the time. Disadvantage: If you try to login from a new device yourself, you have to have your phone with you.
Check the check box and follow the instructions to set this up.
This only applies if you use Facebook apps and you are using Login Approvals (see above). If this is the case, some apps can’t receive the security code that your Login Approval generates (they simply aren’t set up for this mechanism), so you would normally be locked out from playng these games when you login from an unrecognized browser. To avoid this (if it’s that important to you), you can generate an app password for apps that apply. Then, when you try to launch the app from an unrecognized browser, you can put in the app password and gleefully slaughter zombies with scrabble tiles or whatever it is you do with your apps.
Click "Generate app passwords" and follow the instructions to set it up.
Do you want to choose 3-5 people from your friends list to help you regain access to your account in case you forget your password and all of your own security questions and can’t access your e-mail account to use the password reset mechanism? No? Good, this is a ridiculous feature and should never had been added. Your friends don’t want that burden either, trust me. Just skip this.
If you use Facebook Login Approvals (see above), this is where you will see a list of recognised devices (browsers with which you have successfully used to login to Facebook). You can use this to keep track of when and where your account has been accessed and you can remove recognized devices to trigger the Login Approval again.
NOTE: This used to be called "Recognized Devices". It works exactly the same way, so I didn’t bother with a new screen grab.
Where You’re Logged In
This is where you can see all the devices and locations that have been used to access your account. If you see a session you do not recognize (a device name or location that isn’t familiar to you), you can terminate the session by clicking "End activity". If you use the Messenger app, that activity will show up here as well. It’s never a bad idea to terminate any sessions that are not your current session.
NOTE: This used to be called "Active Sessions". It works exactly the same way, so I didn’t bother with a new screen grab.
Deactivate your account
The last, tiny little link is to deactivate your account and leave Facebook altogether. If you click it you will see a page with all of your friends listed and Facebook saying, "Are you sure you want to leave? So-and-so will miss you!" It’s really quite funny. You have to fill out a short questionnaire about why you’re leaving and then, bang! No more Facebook. If you are the sole admin for any Pages or Groups, they will be listed and you are warned that they will be terminated as well. Deactivated accounts cannot be reactivated and you will have to use a different e-mail address than the one you used to sign up for the deactivated account if you want to join Facebook again.
Those are the security settings that are meant to help you keep your account protected from unwanted access. Next we will look at your Privacy Settings meant to control what you share and with whom you share it.
Did you find this helpful? Is there something you’d like to see covered that isn’t here? Did I make a mistake or give bad information? Let me know in the comments below, feedback is appreciated!