Security Features and Tips
Keep Your Account Secure
Here are a few things you can do to keep your account secure:
Protect your password
- Don't use your Facebook password anywhere else online, and never share it with other people.
- Your password should be hard to guess, so don't include your name or common words.
- Learn more about creating a strong password.
Never share your login information
- Scammers may create fake websites that look like Facebook and ask you to login with your email and password.
- Always check the website's URL before you enter your login information. When in doubt, type www.facebook.com into your browser to get to Facebook.
- Don't forward emails from Facebook to other people, since they may have sensitive information about your account.
- Learn more about avoiding phishing.
Log out of Facebook when you use a computer you share with other people
- If you forget, you can log out remotely.
Don't accept friend requests from people you don't know
- Scammers may create fake accounts to friend people.
- Becoming friends with scammers might allow them to spam your timeline, tag you in posts and send you malicious messages.
Watch out for malicious software
- Malicious software can cause damage to a computer, server or computer network.
- Learn the signs of an infected computer or device and how to remove malicious software.
- Keep your web browser up to date and remove suspicious applications or browser add-ons.
Never click suspicious links, even if they appear to come from a friend or a company you know
- This includes links on Facebook (example: on posts) or in emails.
- Keep in mind that Facebook will never ask you for your password in an email.
- If you see a suspicious link on Facebook, report it.
Use our extra security options
You can use Security Checkup to review and add more security to your account. You'll need to log into your Facebook account to start Security Checkup.
Security Checkup will help you:
- Get alerts when someone tries logging into your account from an unrecognized computer or mobile device.
- Learn how to protect your password.
Note: This feature is currently available to people logged into Facebook on a computer or the latest version of the Facebook for Android or Facebook for iOS app.
Learn more about keeping your account secure.
Yes. Secure browsing (HTTPS) is a security feature that automatically encrypts your connection to Facebook. This helps protect your account by making it harder for anyone to access your Facebook information without your permission.
A secure connection is required to connect to Facebook and can't be turned off.
You can use a one-time password to log into your Facebook account any time you feel uncomfortable entering your real password (such as in a library or internet cafe). Here's how:
- If you're in the US, send a text message (SMS) to 32665 with the message otp. If you're not in the US, check this list to see which mobile carriers support this feature and what number you should use.
- If your mobile number is already linked to your Facebook account, we'll reply with a unique, 6-character temporary password. If you haven't added this mobile number to your account, we'll send you an email with instructions on how to add it and collect your code.
- Once you get your code, just enter it in the Password section of the Facebook login screen.
Your one-time password is temporary and can't be used more than once.
Note: One-time passwords are not available if you have two-factor authentication turned on.
You can manage where you’re logged into Facebook in Security and Login Settings. The Where You’re Logged In section lists where you’re currently logged in. Each entry includes a date, time, location and device type.
To log out of Facebook on another computer, phone or tablet:
- Go to your Security and Login Settings.
- Go to the section Where You're Logged In. You may have to click See More to see all of the sessions where you're logged in.
- Find the session you want to end. Click and then click Log Out.
Clicking Log Out will immediately log you out of Facebook on that device.
If you see a location that you don't recognize, first check if it's related to your mobile device. Often, when signing in through a mobile device, you're routed through an IP address that doesn’t actually reflect your actual current location.
If you don't recognize a location and it's not connected to a mobile device, it could be because:
- We have inaccurate information: Sometimes we can only provide an approximate location that may appear inaccurate compared to your actual current location.
- You forgot to log off: You might be seeing the location of a mobile device you're still logged in to. If you think you've left yourself logged in on someone else’s mobile device, you can log yourself out.
- Someone else has access to your Facebook account: If you think someone else is logged in to your account, you should first log yourself out and then secure your account by changing your password.
If you can't get into your Facebook account and you already have Trusted Contacts set up, you can request help from them to get back into your account.
If you don't have Trusted Contacts set up and you're having problems logging into your Facebook account, learn about other ways to get back into your account.
To create a recovery code for your Trusted Contacts to give you:
- Go to facebook.com on a computer, then click Forgot account? on the login page.
- If prompted, find your account by entering your email, phone, username or full name and click Search.
- Look at the list of email addresses listed on your account. If you don't have access to any of these, click No longer have access to these?
- Enter a new email or phone that you know you can access and click Continue.
- Click Reveal My Trusted Contacts and type the full name of one of your trusted contacts.
- You'll see a set of instructions that includes a special link. The link contains a recovery code that only your Trusted Contacts can access.
To get the recovery code from your Trusted Contacts:
- Send your friend the link and ask them to open it.
- Their link will have a login code. Ask them to give the login code to you.
- Use the recovery codes from your trusted contacts to access your account.
I'm having trouble getting the codes from the friends I've chosen as trusted contacts on Facebook. What else can I do?
If you haven't previously chosen friends as trusted contacts, you won't be able to use this feature to get back into your account.
We're sorry to hear you're having trouble getting your security codes from your trusted contacts. If one of your friends is having trouble getting the code, ask them to double check that the link (URL) is correct and try refreshing the page.
If you haven't set up any friends as trusted contacts, or if your contacts aren't available, you have some other options for getting back into your account:
We have security measures in place to help protect your account when you choose friends to be your trusted contacts. Here are some things you can also do to help ensure the security of your account:
- Pick friends you know in real life who you can easily talk to in person or on the phone.
- Select different kinds of friends (for example, co-workers, classmates, family) who you can trust.
- Pick friends who would recognize your voice if you spoke to them.
To help protect your account after regaining access, you'll have to wait 24 hours before trusted contacts can be used again.
If one of your friends ever gets locked out of their account, they may call you for help if you're listed as one of their trusted contacts. All you'll need to do is:
- Visit the URL your friend gives you to access a special security code.
- Give your friend the code, either over the phone or in person.
Be sure to give your friend the security code over the phone or in person. We require this to make sure that nobody else gets into their Facebook account by pretending to be them.
If your friend hasn't started the process to secure their account and needs help, ask them to visit the Help Center to get started.