Pick a strong and unique password. Avoid including your name, phone number, email address or common words. Don’t reuse your Facebook password on other services online, and never share your password with others.
To further secure your account, we recommend enabling two-factor authentication, both for yourself and as a requirement for other members of your business. Once you’ve set up this extra layer of protection, we’ll ask you to enter a code or confirm your login attempt each time someone tries accessing your Facebook account from a computer or mobile device we don’t recognize. We also encourage you to sign up to get alerts when someone attempts to log in from a device we don’t recognize.
Be sure to familiarize yourself with the different Page roles that exist and the permissions they have. We recommend regularly reviewing who has admin access to your Page in settings, and when you add your Page to a Business Manager, please take a moment to understand the permissions you allow. We also recommend having more than one admin for your Page, so that in case you ever lose access to your Page, someone you trust can help keep the Page up and running, and get you back in.
Scammers may create fake accounts in an attempt to friend and manipulate people. Accepting requests from scammers could lead to spam being posted on your timeline and shared with your friends. Scammers may also tag you in posts and send malicious messages to you and your contacts, so we encourage you to be careful to only accept friend requests from people you know and trust. Similarly, don’t grant Business Manager permission to Pages you don’t know. You can report suspicious Business Manager permission requests here.
Keep an eye out for links you don’t recognize, especially if they’re coming from people you don’t know or trust. Be careful not to click on suspicious links, open suspicious files or install malicious apps or browser extensions—even if they appear to come from a friend or a company you know. This includes links on Facebook, in private messages and in emails. Keep in mind that Facebook will never ask you for your password in an email. You can always confirm whether an email claiming to be from Facebook is authentic by reviewing recent emails we’ve sent in the Security and Login Settings here. If you see a post or message that tries to trick you into sharing personal information, please report it.
To avoid infecting your device or computer network, learn the signs of malicious software and ways you can protect your devices from it. And remember to keep your devices, web browsers and applications up to date and remove any suspicious applications or browser add-ons.
To help you regain access to your account, and then your Page, in case you are ever locked out, you can enable your friends to be your trusted contacts. They’ll be able to send you a recovery code with a URL to help you get back into your account.
Lastly, if you think your personal account has been compromised in any way, please visit facebook.com/hacked to get help, and visit our Help Center for help with your Page security. You can also explore Privacy Basics for more ways to increase your account security and to learn about the protections we have in place.