Warning: I may get slightly snarky below. I’m not intending to belittle anyone’s intelligence, but to forcefully promote the importance of privacy and security.

So… recently I know a number of people’s Facebook accounts that have been “hacked”, and since I don’t want to bore you with the technical details I do want to provide some basic security advice and show you how to lock down your account.

First the basics… While I know it may be super tempting, or you “just weren’t thinking”…

• NEVER click on a link you don’t recognize and have a reason to click on. I don’t care if it’s unicorns and rainbows or will create world peace. Stop clicking on links for no reason. What’s a reason? Ex, your friend messages you and says, “Hey [what they would normally call you], here’s a great recipe we tried last night and [some family member of theirs] really enjoyed it [link]”. Notice how actual identifying information was included in that and it was targeted?
• But what about all the great articles on Facebook? Do you recognize the domain? Do you have a real reason to be going there? Maybe you should log out of Facebook and delete your account? But anyway, same rules apply… unless you recognize where the link is going to and you have a real reason – don’tclick on the link!
• Here we’re going to get a little Facebook specific, but NEVER install apps, games, or allow third party access to any part of your profile unless you are 100% sure of the legitimacy. In fact, delete all apps with access to your account. Ready, for a real link? Here’s where you can delete apps with access to your account. You’ve heard of Cambridge Analytica, right? If not, go delete your Facebook account right now and never log back in.
• Ok, back to the basics… Never use the same password for sites. Hint, your Facebook account getting hijacked isn’t usually because of a bad password, it’s usually for one of the reasons above which I why this is listed forth. Still… don’t use the same passwords.
• Ok, ready for probably the most important thing you can do other than following the items above? Enable two factor authentication EVERYWHERE. In fact, go back and read that article I wrote 4 years ago.

Ok, now I’m getting tired as this may be one of my longest posts ever. So, to wrap it up, here’s how to enable two factor authentication on your FB account (note, even 2FA won’t protect you from clicking on stupid links and installing apps).

1. Install an authenticator app on your phone like Google Authenticator.
2. Go to your Facebook security settings: https://www.facebook.com/settings?tab=security
3. Under “Setting Up Extra Security” enable “Use two-factor authentication”
4. Under “Code Generator”, click the “third party app” link to generate a QR code you can scan w/ the Google Authenticator app.
5. Follow the instructions.

Now, go enable 2FA for your other important accounts like banking and Google/GMail.

But most importantly, stop clicking on links!

PS: Again, apologies for any snarkyness. It’s interesting because in the wake of the cambridge analytica, #DeleteFacebook, and other campaigns I’ve been thinking of what it would take to create a distributed, secure, no ads based, non-profit social network. If you know of one already I would be interested. If not, and you’re a developer who might be interested in working on such a project, please let me know.