Protect yourself and your data when using Facebook

Atualizado 29 January 2025

Read this guide to learn how to secure your Facebook account.

Also see our guides on Instagram and WhatsApp to increase your privacy and security when using other platforms belonging to Meta.

Consider if relying on commercial, corporate products is secure enough to protect your information. Commercial corporations might not share your values and remove or filter content that they believe violates their policies. It may also be difficult for them to understand your local context, particularly if they do not operate in your language.

Know how to move your data out of Facebook

• Test how to download your data from your Facebook Account. Start the download process, then take a thorough look at what data it provides. Assess what has been downloaded, in what format and how you can read and use it.
  • Learn how to download your Facebook data.
  • Allow some time for this process. If you have had an account for a long time, there will be a lot of data to download, and the service may take a day or so to bundle it for your download.

Inform yourself about Facebook's policies

Learn how Facebook uses your information

• You can find a clarification of Facebook's terms of service on Terms of Service; Didn't Read.
• Learn about Facebook's privacy policy.
• Also review other Facebook's policies, in particular their terms of service and community standards.

Learn what Facebook will turn over to governments or law enforcement

• See Meta's policy on law enforcement requests.
• See Meta's transparency report on government requests for user data to learn about the nature and extent of these requests and the policies and processes Meta has in place to handle them.
• See Meta's transparency report on content restrictions based on local law to learn what kind of requests they received and how they responded.
• Also see Meta's transparency reports page.

Don't use the mobile app

• Do not use the app on your mobile device. Connect using a browser instead.
  • If you really need to use the app, consider using a separate device from the one you normally use.
  • In alternative, if you have and Android device, you can isolate the app in a separate profile.

Create a new account

You can create a Facebook account for free.

Decide whether you will use a real or fake name, and maintain separate accounts

• Be aware that even if you provide a fake name to Facebook, you may still be identifiable by the network you connect from and the IP address it assigns to your device unless you use a VPN or Tor to hide this information.
• Consider using separate accounts or separate identities/pseudonyms for different campaigns and activities. You will likely want to keep your personal and work accounts separate, at the very least.
  • Read more on this strategy in our guide on multiple identity management.
• Remember that the key to using a social networking platform safely is being able to trust the people you connect with. You and the others in your network will want to know that the people behind the accounts are who they say they are, and have ways to validate this. That does not necessarily mean you have to use your real name, but it may be important to use consistent fake names.
• Be aware that Facebook's name policy gives them the right to remove your account if they believe you are using a name that you don't use in everyday life. Facebook also has a poor track record of recognizing "real" names, particularly when they are not in English. If you choose a name that you don't use in everyday life, it's a good idea to use one that Facebook's algorithms will recognize as a plausible name and surname.

Set up with a fresh email address

• Set up a new email address on a privacy-friendly server. You can find a list of suggested privacy-friendly mail services in the communication tools section.
• If you need to protect your identity while setting up new email use the Tor Browser or a trusted VPN.

Don’t associate your phone number with your account

• If possible, when setting up a new account, do not enter your phone number. Facebook will allow you to set up a new account with only an email address, and that can be harder to associate with you.
  • Remove your phone number.
  • Adjust who can see your phone number.

Skip “find friends”

• "Skip" or dismiss Facebook's requests to "allow access" to contacts on your device, import your contacts, connect with your other social media accounts or find more connections when you first set up an account. You can select your contacts more carefully afterwards.
  • If you use the Facebook app, turn off automatic contact uploading.
  • Delete contacts you have uploaded through the Facebook app.
• Consider only connecting to people you know and whom you trust not to misuse the information you post.
• If you need to connect to an online community of like-minded individuals whom you have never met, consider carefully what information you will share with these people.
• Do not share your employer or educational background, as social media may use this information to share your profile with others unexpectedly.

Designate someone to manage your account if you are unable to do it yourself

• Note that for legal reasons, Facebook will not give a loved one or colleague access to your account. Rather, if you give them permission, they will make it possible to close and "memorialize" your account.
  • Consider setting up a legacy contact in case of your death.
• If you expect someone else may need to access your account quickly in the event of an emergency, arrange to share your login information with them using secure communication.
• If someone you know has been arrested or detained and you need to suspend their account so as to stop others from accessing their network of contacts or compromising information, you can reach out to Access Now Digital Security Helpline or Front Line Defenders to request assistance in working with Facebook to secure access to their accounts. Also read the Digital First Aid Kit troubleshooter Someone I Know Has Been Arrested for further recommendations and see the Digital First Aid Kit support page to look for help desks that may support you for specific needs.
• Learn how to remove the account for a medically incapacitated person.

Protect your account

Check your recovery email and phone number

• Check your recovery email.
• Check your recovery phone number.
• Change this information immediately if you lose access to your recovery email address or recovery phone number.

Use strong passwords

Use strong passwords to protect your accounts. Anyone who gets into your Facebook account will gain access to a lot of information about you and anyone you are connected to.

• See our guide on how to create and maintain strong passwords for more information.

Set up two-factor authentication (2FA)

• Use a security key, authenticator app or security codes for two-factor authentication.
• Do not use SMS or a phone call if possible, as your mobile phone company has full access to these communications and these methods are easier to hack into. Note that we don't recommend associating your usual phone number with your account, especially if your official name is not already associated with your account.
• Learn how two-factor authentication works on Facebook.
• Also go through the "How to keep your account secure" checkup, which will check your password and login alerts.

Download and save recovery codes to get back into your account

• Get recovery codes to sign into Facebook if you can't use your usual two-factor authentication method.
  • Store these codes in your password manager.
    • Alternatively, print these codes out before you are in a situation where you might need them. Keep them somewhere secure and hidden, like a locked safe.

Consider turning on Advanced Protection

• Learn how to turn on Advanced Protection.

Be very careful with emails or messages claiming to be from Facebook

• Learn more in the Facebook support page on suspicious emails and messages.
• Check if Facebook emailed you recently.

Create an alternative identity

• If you want to use Facebook without connecting it to your real identity, make sure to create your Facebook account through the Tor Browser and to never connect with your actual IP. Also make sure to create your account with an email address that you created using Tor or a VPN.
  • If you are using Facebook through the Tor Browser, it's a good idea to use their onion address https://www.facebookwkhpilnemxj7asaniu7vnjjbiltxjqhye3mhbshg7kx5tfyd.onion/.

Check suspicious access

Check active sessions and authorized devices, review account activity and security events

• Look at the following instructions listing which devices have recently logged in to your account (including browsers or apps). Does every login look familiar?
  • Check where you're logged in from in your Activity log.
  • Check the methods you've set for login alerts to be sure you will actually receive them.
  • Perform regular security checkups.
  • Read the support page on how to log out of Facebook if a session is opened on another device.
  • Note that if you are using a VPN or Tor Browser, which can conceal your location, your own device may appear as connecting from unexpected locations.
• If you see suspicious activity on your account, immediately change your password to a new, long, random passphrase you do not use for any other accounts. Save this in your password manager.

Get notified about logins

• Get an alert when someone tries logging in from a device or location that's unusual for you.
  • Learn how to set the alert.
  • Get the notification sent to the email address associated with your Facebook account, and make sure you choose an email that you check regularly.
  • When you receive such a notification, review the sign-in details, including device type, time and location. If this activity doesn't look familiar, click This wasn't me.

If you think your account has been hacked

• Perform a security checkup to see if anything looks unusual.
• If your account has been compromised, follow the steps listed in the Facebook page on how to secure a hacked or compromised account or follow the step-by-step walkthrough to get help with a hacked account.
• If you can't solve this issue through the standard procedure, check out the Digital First Aid Kit troubleshooter I lost access to my account.

Review other sites and apps that can access your account

• Avoid using your accounts to log in to other sites (like news sites for example). While it may be convenient to use your Facebook account as a login option, you may be also making it easier for attackers to exploit this functionality and you may leave more evidence of what you have viewed online. Use a different password for every site, and save it in your password manager.
• Be careful when connecting your accounts. You may be anonymous on one site, but exposed when using another.
• Use the following links to learn about sites and apps connected to your Facebook account:
  • Check if your account is connected to third-party apps or services.
  • If you find that there are third-party apps or services connected to your Facebook account, disconnect them and create new passwords for them.
• If you really need to connect your Facebook account to a third-party app or service, learn how to manage the privacy settings for these apps and websites.

Decide what information to share

• Choose who you share content with.
• Walk through Privacy Checkup to make sure you're sharing your information with who you want.
• Set up regular Privacy Checkup reminders.
• Learn how to manage what others can see about you.
• Read more on Facebook's privacy settings and tools.

Consider what information you should avoid sharing

Information that should never be shared with others on social media, even via direct messages (DM), may be, for example:

• Passwords
• Personally identifying information, including:
  • your birthday,
  • your phone number (does it appear in screenshots of communications?),
  • government or other ID numbers,
  • medical records,
  • education and employment history (these can be used by untrustworthy people who want to gain your confidence.)
• Information that may lead to understand where you live, for example a picture of your house.

Information that you might not want to post on social media, depending on your assessment of the threats you are facing, is, for example, details about family members, information on your sexual orientation or activities and your email address (at least consider having more and less sensitive email accounts).

• Even if you trust the people in your networks, remember it is easy for someone to copy your information and spread it more widely than you want it to be.
• Agree with your network on what you do and do not want shared, for safety reasons.
• Think about what you may be revealing about your friends that they may not want other people to know; be sensitive about this, and ask them to be sensitive regarding what they reveal on you.

Don’t share your location

• Learn how location services work on Facebook.
• We do not recommend you use the Facebook app on your mobile, but if you do make sure to turn off location services.
  • Learn how to turn off location services on Android.
  • Learn how to turn off location services on iOS.
• Don't add or share your location to your posts.

Share photos and videos more safely

• Consider what is visible in photos you post. Never post images that include:
  • your vehicle license plates,
  • IDs, credit cards or financial information,
  • photographs of keys (it is possible to duplicate a key from a photo.)
• Think hard before you post pictures that include or make it possible to identify:
  • your friends, colleagues and loved ones (ask permission before posting),
  • your home, your office or other locations where you often spend time,
  • if you are hiding your location, other identifiable locations in the background (buildings, trees, natural landscape features, etc.).
• Learn how to delete a photo you uploaded to Facebook.
• Control who can see your shared albums on Facebook.
• Learn how to delete an album together with all the photos it contains.
• Learn how to remove contributors from a shared album you've created.
• Remove metadata before you post photos, videos and other files.

Change who can see when you "like" things

• Change "Who can see your social interactions alongside ads" to "Only Me".
• Learn how your interactions with videos on Facebook can be seen by other people.

Don't share your birthday

• On Facebook, you can register with a birthday that is not your own, and you can change your birthday also later. However, do keep track of what you enter, in case you need it to regain access to your account.
  • Change your birthday on Facebook and choose who can see it.

Decide who can see what

Share to select people

• Go through the "Who can see what you share" walkthrough in the Facebook Privacy Checkup. Set everything under "Profile information" to "Only me." Set limits you think are reasonable on subsequent screens. Consider "Limit past posts" to make it harder for others to see things you posted some time ago.
• Check out your activity log in your Facebook settings.
• Learn how to Change who can see what apps you use on Facebook.

Manage who can reply to what you post

• Choose who can comment on your Facebook Page's posts.
• Hide a comment from a post on your Facebook Page.
• Stop people from posting on your Facebook profile.
  • You can also set it so you review posts before you make them visible on your profile (this means you have to do more work).
• Control what visitors can post on your Facebook Page.

Think about group membership and who you connect with

• Control who can add you as a friend.
• Choose who can follow you.
• Check whether groups you are in are public or private. Public groups can be seen by anyone and can be found through a Facebook search.
• Be aware that third parties can create apps that have access to groups. Learn what information an app, website or game can access on Facebook.
• Learn how to leave a group (note that if the group was public, information about your past membership may still be online).
• Remove or ban someone from a group you manage.
• Delete posts or comments you published in a group.
• Remove a post in a Facebook group you manage.
• Turn off post comments or comment replies in a Facebook group.

Review tags/disallow tags

• Review tags that people add to your Facebook posts .
• Manage how others can tag or mention your Facebook Page. Next to "Who can see posts you’re tagged in on your Page?", click the audience selector, then select "Only me".

Limit who can contact you

• Go through the "How people can find you on Facebook" walkthrough in the Privacy Checkup.
  • Limit "Who can send you friend requests?" to "Friends of friends"
  • Set "Choose who can look you up by your phone number and email address." to something more limited than "Everyone" (Consider that "friends of friends" may still make it possible for malicious people to sneak into your network).
  • In the last step, consider whether you want people to be able to find your Facebook profile using search engines like Google.

Manage advertising

• Go to the wizard to manage your activity off Meta technologies.
  • Click "Recent activity", then "Clear previous activity".
  • Click "Manage future activity", then "Disconnect future activity".
• Go the ad settings.
  • In "Activity information from ad partners", choose "No, don’t make my ads more relevant by using this information".
  • In "Categories used to reach you", make sure all switches are set to "off" and remove "other categories".
  • Set "Ads from ad partners in other apps" to "Don’t show me ads from ad partners".
  • Set "Ads about Meta" to "Don't use my activity to show me ads about Meta".
  • Set "Social interactions" to "Only me".

Leave no trace

Precautions when using a public or shared device

• Avoid logging in to your Facebook account from shared devices (like an internet cafe or other people's devices).
• Never save your passwords and delete your browsing history when you use a web browser on a public machine. Change the passwords of any accounts you accessed from shared devices as soon as you can, using your own device.

Delete search history

• Clear searches from your activity log.
• Clear history of your off-Facebook activity.

Handle abuse

This section explains how to ask Facebook for assistance in situations of abuse, harassment, attacks and impersonation. If you are a human rights defender, journalist or activist at risk and Facebook is not assisting you effectively, you can reach out to Access Now Digital Security Helpline or Front Line Defenders to request assistance in working with Facebook. Also see the Digital First Aid Kit support page to look for help desks that may support you for specific needs.

Report abuse

• Learn how to report something inappropriate or abusive on Facebook.
• Learn how to report inappropriate or abusive content.

Report harassment that reveals information about you

• Learn how to report a privacy violation.
• Read Facebook's tips on how to handle bullying, harassment or personal attacks.

Identify and report coordinated inauthentic activity (botnets and spam)

• Learn how to manage spam on Facebook.

Report impersonation

• Learn how to report impersonation on Facebook profiles or Pages.

Hide stressful content

• Learn how to block or unfriend someone.
• Also see the section on managing who can reply to what you post to learn how to limit or hide comments on your Facebook Page and how to stop people from posting on your Facebook profile.

Learn how to recover your account if it is disabled or suspended

• Learn why your account might be suspended or disabled and how to try and recover it.

Take a break from your account

• Temporarily deactivate your account.

Register as a journalist, if you work in the news industry

• Learn more about journalist registration and its benefits.
• Register as a journalist.