The brainchild of Mark Zuckerberg and four other co-founders, Facebook has been instrumental in shaping our modern view of digital interactions. Also known as META, Facebook is the world’s most used social media platform.
Its success lies in its robust infrastructure, data-driven advertising model, and ecommerce integration – but how secure is your Facebook account? Below, we explain what role passwords play in keeping your account safe, how to change your Facebook password, and why it matters.
A step-by-step guide to changing your Facebook password
Accessing account settings to change your password
Changing your Facebook password after a known security incident or compromise is highly recommended by NIST.
There are two ways to change your password: through the Accounts Center or while logged in.
If you’re logged in, changing your password on your iPhone, Android, or web browser is a simple process:
- Open the Facebook app on your iPhone or Android device.
- If you’re using a web browser, log into Facebook at facebook.com.
- Tap the three horizontal lines in the bottom right corner if you’re on an iPhone. For Android, tap the lines in the top right corner. If you’re using a web browser on a computer, click on your profile picture in the top-right corner.
- Select “Settings & Privacy.” Next, tap on “Settings.”
- Tap “Password and Security” if you’re on an iPhone or Android. For web browsers on a computer, choose “Security and Login.”
- Scroll down and tap “Change Password” or “Edit” next to “Change Password.” Enter your current password and then your new password twice.
- Tap on “Update Password” to confirm if you’re on an iPhone or Android. If you’re on a web browser, tap “Save Changes.”
Creating a strong and unique password
In 2024, creating a strong password is more about length than complexity. In line with this change, NIST has encouraged the use of longer passwords and even passphrases.
If you’re having trouble creating a strong password for your Facebook account, consider using our free Secure-by-Design password generator.
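To make the length-over-complexity point concrete, here is an added example (not code from this page or from the generator it mentions) that compares the entropy of randomly generated secrets and applies a length-first check with no composition rules. The word list, the blocklist, the 8-character floor, and the list sizes 94 and 7,776 are assumptions made for the illustration.

```python
import math
import secrets

# Constructed mini word list so the example runs offline. A real generator
# needs a large list (thousands of words); 7,776 is assumed below.
DEMO_WORDS = ["anchor", "breeze", "candle", "drift", "ember", "fable",
              "glacier", "harbor", "island", "jungle", "kettle", "lantern",
              "meadow", "nectar", "orchard", "pebble"]

# Constructed stand-in for a list of known-breached passwords.
BLOCKLIST = {"password", "12345678", "qwertyuiop", "facebook123"}


def random_bits(choices, length):
    """Entropy in bits of `length` items picked uniformly at random from
    `choices` options. Only valid for randomly generated secrets."""
    return length * math.log2(choices)


def make_passphrase(words, count=5, sep="-"):
    """Join `count` words chosen with the OS CSPRNG (not the `random` module)."""
    return sep.join(secrets.choice(words) for _ in range(count))


def check_password(password, min_length=8):
    """Length-first check: minimum length plus blocklist, no composition
    rules. The 8-character floor is an assumption; raise it as needed."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if password.lower() in BLOCKLIST:
        problems.append("appears in the breached-password list")
    return problems


if __name__ == "__main__":
    print(f"8 random printable chars : {random_bits(94, 8):.1f} bits")
    print(f"16 random lowercase chars: {random_bits(26, 16):.1f} bits")
    print(f"5 words from 7,776 list  : {random_bits(7776, 5):.1f} bits")
    phrase = make_passphrase(DEMO_WORDS)
    print(phrase, check_password(phrase))
    print("Facebook123", check_password("Facebook123"))
```

A password that mixes cases and digits can still fail the blocklist check, while a long random passphrase passes on length alone.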
Additional tips for enhancing your Facebook account security
Enabling two-factor authentication (2FA)
Turning on two-factor authentication adds an extra layer of security to your Facebook account. The following are general steps to set it up on desktop, Android, iPhone, or mobile browser:
- Click on your profile picture or tap the three horizontal lines in the top right corner.
- Click “Settings and Privacy” and then “Password and Security.”
- Scroll down to tap “Two-Factor Authentication.”
- Choose your preferred 2FA method: an authenticator app, text message (SMS) codes, or a security key on a compatible device.
- Once enabled, you’ll need to provide this second form of verification when logging in.
Managing app permissions
To maintain account security, you’ll want to manage app permissions:
- Click on your profile picture, choose “Settings & Privacy,” and then click “Settings.”
- Click “Apps & Websites” in the left sidebar.
- Review the list of apps and websites with access to your Facebook account.
- Click “Remove” on any unwanted apps or websites.
Detecting and avoiding phishing attempts
Facebook is a top target for phishing and malware scams. In 2023, hackers used malicious ads (malvertising) to promote adult content, games, and cracked software (software illegally modified to bypass copyright protections).
When users clicked on the ads, the SYS01 infostealer was executed, allowing the attackers to steal browser data and take over Facebook accounts.
To recognize phishing attempts, here are four signs to look for:
- You can no longer access your Facebook account.
- Your connections are receiving inappropriate messages, such as requests for personal information or financial assistance, from unknown senders. Communications often have an urgent or threatening tone.
- Other accounts related to banking or ecommerce have now been hijacked – and you can no longer log in.
- You are now following accounts you don’t recognize.
To protect yourself from phishing attempts on Facebook:
- Avoid clicking on unsolicited links or attachments – especially in pop-up ads.
- Phishing requests may come in the form of emails, Instagram direct messages, or SMS text messages. Learn how to check if an email is really from Facebook.
- Facebook never requests sensitive info over text or email – so any requests to the contrary can be regarded as phishing attempts.
- Use strong, unique passwords for your account.
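The link advice above can be turned into a mechanical check. This is an added example, not code from this page or from Facebook: it shows that HTTPS alone does not identify a site and that the hostname must be compared exactly. The function name `check_link`, the allowlist, and the sample links are assumptions built for the illustration.

```python
from urllib.parse import urlsplit

# facebook.com is the only domain this page names; add others only after
# confirming them with the service itself.
TRUSTED_DOMAINS = {"facebook.com"}


def check_link(url, trusted=TRUSTED_DOMAINS):
    """Return (ok, reason) for a link that claims to lead to Facebook."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not HTTPS"
    if parts.username is not None:
        return False, "text before '@' is a username, not the site"
    if host.startswith("xn--") or ".xn--" in host or not host.isascii():
        return False, "internationalized host (possible lookalike characters)"
    if any(host == d or host.endswith("." + d) for d in trusted):
        return True, "host is a trusted domain or its subdomain"
    return False, f"host {host!r} is not a trusted domain"


# Constructed sample links; the .example hosts are placeholders.
SAMPLES = [
    "https://www.facebook.com/settings",
    "http://www.facebook.com/login",
    "https://facebook.com.account-check.example/login",
    "https://facebook.com@login.example/",
    "https://notfacebook.com/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        ok, reason = check_link(link)
        print(f"{'OK  ' if ok else 'STOP'} {link}  ({reason})")
```

Only the first sample passes: the others fail on the scheme, on a trusted name used as a prefix of a different domain, on a username placed before `@`, or on a host that merely contains the trusted name.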
Why should you change your Facebook password regularly?
Importance of password security
Today, credential-based attacks are the primary way hackers access your data. According to Microsoft’s 2024 Digital Defense report, more than 99% of the 600 million-plus daily identity attacks are password-based.
Thus, a strong password is an important defense against unauthorized access to your Facebook account.
Protecting your personal information
Limiting what you share on Facebook can protect you from identity theft. Here are four (4) key pieces of personal info you’ll want to avoid sharing on the platform:
- Phone or mobile numbers, email addresses, birth dates and other personally identifiable information (PII) in the About section
- Intimate details about your love life
- Photos of your family members, close friends, and young children
- Pictures of luxury items you own
Preventing unauthorized access and protecting your Facebook profile
To keep your Facebook account safe from potential intruders:
- Be cautious when using public Wi-Fi networks. To ensure a website is encrypted, look for a lock symbol or HTTPS in the URL.
- Lock down your Facebook profile to prevent non-connections from accessing your photos, posts, stories, and full About section.
- Change your Discovery settings to stop random friend requests.
- Enable login alerts to see when your account is accessed by unfamiliar devices or from unknown locations.
FAQ
How do I change my FB password in the app?
To change your FB password in the app, head to Settings & Privacy > Settings > Password and Security > Change Password.
Why can't I reset my Facebook password?
There are three reasons you can’t reset your Facebook password:
- Your password reset email may be in the junk folder.
- You may have entered an invalid code or used the wrong link.
- You no longer have access to the email or mobile phone number associated with your account.
How can I find my password on Facebook?
If you’ve saved your password in your browser, you’ll find it in your browser’s settings. However, if you’ve forgotten your password, head to the Find Your Account page to begin a password reset.
How do I change my password on Facebook?
You can change your password in Accounts Center, or by clicking on your profile picture and heading to Settings & Privacy > Settings > Security and Login > Edit/Change Password.