facebook-security.jpg
(Credit: AngieYeoh, Shutterstock / AngieYeoh)

Social network Facebook (Android, iOS, Web) has come under fierce criticism for its questionable privacy practices for years. First, it was for violating user privacy by tracking user activity via Like button clicks and selling it to advertisers along with personally identifiable information. Then it was for collecting personally identifiable info and data on users that was not even voluntarily provided in a secret file called a Shadow Profile. Then we learned that the social media company was collecting Android users' phone-call and text-message history data.

SEE: Ultimate guide to Facebook Messenger and secure chat

Unfortunately, it took the recent Facebook-Cambridge Analytica data scandal, where tens of millions of users' data was collected and sold in an attempt to sway votes in the 2016 presidential election, to really get users to take a more proactive approach to protect their personal data -- because clearly, Facebook's not doing a good enough job of it.

Here are some of the adjustments all Facebook users should make to their privacy settings and security settings as soon as possible to secure their Facebook accounts.

Perform a Security Checkup

Take advantage of Facebook's Security Checkup feature on your desktop. This quick and easy diagnostic alerts you to three potential holes in your security settings: whether you're logged in to any unused apps, have Login Alerts set up, or have a weak password. It also helps you swiftly handle any of these security threats.

Create strong passwords

Create a password that's hard to decipher and that you use only on Facebook. Don't share it with anyone. If you think someone might have it, change it. To do this, tap More on your phone (bottom right on iOS and upper right on Android), then Settings & Privacy, Settings, Security & Login, and Change Password. Then enter your current password and a new password twice and then tap Save Changes. On your desktop, head to Settings from the main drop-down menu, tap Security, and Login, then Change Password, then input your current password and a new password twice and finally tap Save Changes.

Two-factor authentication

As an added precaution, Facebook offers a more secure two-step verification option called two-factor authentication. This feature forces you to log in with two pieces of information: your password and a code sent to your phone. To set this up on your mobile device, go to Settings & Privacy, then Settings, and then Security & Login. Click Use two-factor authentication, and you'll be walked through the setup process. On your desktop, head to More, Settings, and Security & Login to begin setup.

Trusted Contacts

If you forget your password, the Trusted Contacts feature enables your friends to help you get back into your account. On your mobile device, go to More, Settings & Privacy, Settings, Security & Login, and then Trusted Contacts to zip through the painless setup process. On your desktop, tap Settings, Security & Login, and Trusted Contacts to start the process there. Then you'll add three to five Facebook friends for Facebook to entrust with a code that your contacts can then send to you to get back into your account.

Always log out

If you're logged in to Facebook from multiple devices and haven't logged off, then these sessions are still active, and anyone who happens upon them has access to your page and your data. Go to More on your mobile device, then Settings & Privacy, Settings, Security & Login, and Where You're Logged In, and tap the X next to any session you want to end. On your desktop, go to Settings, then Security & Login, and Where You're Logged In to make changes. The better practice is to always log out after every session, especially if you're on a shared device. Logout is under More on your mobile device or in the main menu on your desktop.

Report spam and avoid phishing

Never open news feed posts, messages, games, or friend requests that appear suspicious. For example, if the post allegedly comes from a friend but asks for help or money or promoting a free prize, don't click but do be a good Samaritan and tap the arrow in the top-right corner of the post to report it. Tap Give feedback on this post, and then Spam. If you get an email asking for your Facebook info, don't click it. It's phishing, a scam to grab your information for a nefarious purpose like identity theft.

Turn on Login Alerts

As a preemptive strike against hackers, turn on Login Alerts to get notified if anyone's logged into your account from a new phone, tablet, or computer. On your mobile device, go to More, Settings, Security & Login, then Get alerts about unrecognized logins, and choose whether you'd like to receive your alert on Facebook or via email address or messenger. On your desktop, go to Settings, then Security. If someone else has logged in, let Facebook know and the social media company will secure your account and personal information by changing your password and reviewing recent posts to ensure you made them.

FOLLOW Download.com on Twitter for all the latest app news.

Recover a hacked account

If your account's been hacked, click "Need Help?" on your mobile device's log-in screen, then tap Help Center, Privacy and Safety, and Hacked and Fake Accounts. Then select the topic "I think my account is hacked or someone is using it without permission." You'll then be taken through the steps to change your password and review all recent posts to ensure that they were made by you. If any weren't, report them for deletion. From your desktop, go here and Facebook will help you secure your account.

Deactivate or delete your account

For people no longer using their Facebook account, account deactivation or deletion might be worthwhile. Deactivating your Facebook account hides your account and removes your name and photos from most things you've shared. To do this, go to Settings and tap Security and Login and then Deactivate. You can later reactivate your account with a log-in.

Or you can completely delete your account, which means, after 14 days, your account and anything you've posted will be permanently wiped from the Web, without the option of reactivation or recovery. Note: Facebook may retain a copy for three months and other nonidentifying information for longer.

Also see