While Facebook grants its users lots of control over their privacy settings, keeping up with the latest privacy controls can be difficult. As a result, many users end up sharing their information and photos with a far wider audience than intended. This edition of our CyberSecurity 101 series should serve as a user guide for configuring Facebook privacy settings for optimal security.

Configuring Facebook Privacy Settings

Facebook’s privacy settings control who can view your posts, profile, tags, updates, and more. These settings can be accessed by selecting the “Privacy” tab on Facebook’s “General Account Settings” page (https://www.facebook.com/settings?tab=privacy).

  • Choose who can see your future posts: Use this option to select the audience for future posts you make. For increased privacy, set this option to “Friends” or create custom settings to explicitly select who can see your posts. If you change the audience for a specific post you make, return to this menu to make sure that your default setting hasn’t changed.
  • Review all your posts and tags: Click on “Use Activity Log” next to “Review all your posts and things you’re tagged in.” The Activity Log displays all of the updates that are posted on your timeline. The Activity Log also allows users to manage their audience for updates and control which updates appear on their timelines.
  • Limit the audience for posts you’ve shared: Select “Limit Past Posts” to make past content you’ve shared only viewable to your friends.
  • Control how people can search for you: Under the “Who can look me up?” header, Facebook offers three parameters for setting how your profile will appear in search results. Set restrictions for who can look you up using your name, email address, and phone number. If you don’t want your profile to appear in search engines, turn off the “Do you want other search engines to link your timeline?” option.

Configuring Timeline and Tagging Settings

Timeline and Tagging settings control the way other people can view and interact with your timeline. These settings can be accessed by clicking the “Timeline and Tagging” tab on Facebook’s “General Account Settings” page (https://www.facebook.com/settings?tab=timeline).

  • Choose who can post on your timeline: The “Who can post on your timeline?” setting enables you to choose whether you want to allow others to post on your timeline.
  • Review tagged posts: Enable the “Review posts friends tag you in before they appear on your timeline” option. This feature requires you to approve any posts you are tagged in before they are published to your timeline.
  • Control your timeline audience: The “Who can see things on my timeline?” section has two parameters for selecting who can see tags and posts from others on your timeline. A good starting place for privacy is setting both to “Friends,” though users who are looking for increased privacy may prefer the “Only Me” or “Custom” settings.
  • Manage added tags and tagging suggestions: The “How can I manage tags people add and tagging suggestions?” section has three settings to review tags, limit the audience when you’re tagged in a post, and control who will receive tag suggestions for photos. Users should enable the “Review tags people add to your own posts” feature to select which of the tags that people add will appear on Facebook. The next setting in this section controls who will be added to the audience for posts when you are tagged. The “Friends” option offers some privacy, but many users may want to consider using the “Only Me” option or creating custom settings to further increase privacy. Finally, consider setting the “tag suggestions” function to “No One” to prevent others from being prompted to tag you in photos.

Managing Blocking Settings

Facebook allows users to restrict or block other users, invites, and apps on an individual basis. These settings are accessible by selecting the “Blocking” tab on Facebook’s “General Account Settings” page (https://www.facebook.com/settings?tab=blocking). All users should spend a few minutes reviewing these settings and block any people, apps, or invites that they do not wish to have access to their pages.

Configuring App Settings for Privacy

Users can manage their app settings by selecting the “Apps” tab on Facebook’s “General Account Settings” page (https://www.facebook.com/settings?tab=applications). The “App Settings” page displays all of the apps you’re using and allows you to manage each app’s visibility, permissions, notification settings, and more. Users should review each app they’re using as well as the permissions and data access that their apps require in order to better understand the impact they have on privacy. It’s also recommended that you regularly remove the apps that you’re no longer using to limit the number of apps that have access to your information.

Configuring Ad Settings for Privacy

Users can control how their name, profile picture, or other publicly available information can appear in Facebook ads. To access your Facebook Ads settings, select the “Ads” tab on Facebook’s “General Account Settings” page (https://www.facebook.com/settings?tab=ads).

  • Third Party Sites: This setting controls whether Facebook will provide your information to third party apps or networks for use in Facebook ads. While Facebook currently doesn’t provide this information to third parties, there is a setting to prevent them from doing so in the future. To prevent Facebook from sharing your information with third party sites, set the “If we allow this in the future, show my information to” option to “No one.”
  • Ads & Friends: Set the “Pair my social actions with ads for” option to “No one” to prevent Facebook from using your name in social ads.

Configuring Facebook Security Settings

While you’re changing your privacy settings, it is worth taking a look at how your security settings are configured as well. Security settings can be accessed by selecting the “Security” tab on Facebook’s “General Account Settings” page (https://www.facebook.com/settings?tab=security).

  • Set a Security Question: Setting a security question gives Facebook another way to verify your identity when accessing your private information.
  • Turn on Secure Browsing: Enable this feature to browse Facebook over a secure connection (HTTPS) whenever available.
  • Set Up Login Notifications: Login Notifications will alert you when your account is being accessed by an unknown device. Having this feature enabled will help you quickly detect and react if someone else is attempting to access your account.
  • Login Approvals: For increased security, many users enable the “Login Approvals” feature. Turning on this feature means that you must provide a security code when logging in from an unknown browser. The required security code will be sent to your phone to prevent malicious users from accessing your account.
  • Create App Passwords, if Desired: Some users may wish to create unique passwords for each app they use. If you use lots of apps, you should generate passwords for each to ensure that they are secured.
  • Register your Devices: You should register all of the devices you use so that Facebook will recognize when an unknown device is attempting to access your account. The “Recognized Devices” setting allows users to manage which devices Facebook should recognize.
  • Manage your Active Sessions: The “Active Sessions” feature enables you to manage the open sessions in which you’re currently logged in to Facebook. Regularly check this setting to make sure that your account isn’t being accessed from an unauthorized or unfamiliar location or device.

There you have it! Following these recommendations will go a long way in bolstering the privacy and security of your Facebook account. Stay tuned for the next post in our CyberSecurity 101 series!

About Nate Lord

Nate joined Veracode as a marketing specialist in early 2012. He is one of Veracode’s first co-ops from Northeastern University, where he is majoring in entrepreneurship and new venture management while minoring in music. He has various responsibilities at Veracode, including blogging, SEO, and infographic design.

Comments (4)

pranee pongthong | May 27, 2013 3:04 am

Why can't I access ... log in ... in my Facebook?

Ellen Tallabas | July 4, 2014 12:42 pm

I have tried to address this problem numerous times. In my security area it says that I have push notifications enabled to a mobile phone. I do not have a mobile phone, and I do not have FB installed on my iPad. Am I hacked, synced, or what? I really wish someone would take care of this or at least inform me if there is a phone attached, the number? etc.

ndupaul | July 7, 2014 12:27 pm

Ellen, if you have opened your Notifications Settings tab under Privacy and Security, in the left-hand navigation menu the next tab down is Mobile; any number that is stored on Facebook in relation to your account would be listed here. You can easily remove it, and if there is no number displayed you should have nothing to worry about.

Ellen Tallabas | July 7, 2014 1:09 pm

I have tried that on my laptop. It brings me to mobile and says I must go to my device and uninstall and then tells me how to do it. It still says some of my notifications are being pushed? And still going to mobile... I have a boyfriend who I believed hacked my laptop or my iPad. I uninstalled Facebook from my iPad, but I believe he has it jailbroken now. Could it be he has a different login ID? I see game newsletters that I do not play showing up in my email.
