If you don't already have this turned on, here's how to do it: Go to your Account Settings. Click the Security icon on the left and select Secure Browsing * Edit. Put a checkmark in the box next to “Browse Facebook on a secure connection (https) when possible.” Click Save Changes, and you’re done. Easy peasy.
* Turn on Login Notifications. This will alert you when your Facebook account has been accessed from a new device. Follow the same steps as above, only select the next item on the list. If somebody who isn’t you is accessing your account, you’ll get an email.
* Add a security code to new devices. If you want to be extra cautious, go to item number three in the Security Settings and set up Login Approvals. This will send a new passcode to your mobile phone every time you log into Facebook from an unknown device, which you’ll then have to use as your login password. It’s a bit of a hassle, so only do this if you’re really concerned about Facebook security (or more paranoid than the average bear).
* Change your password early and often. Yes, I usually ignore this too. But if you get alerts about somebody accessing your account who isn’t you, or see weird posts and messages on your Facebook page that you didn’t put there, odds are good somebody hacked or guessed your password. First step in the recovery process is to change your password ASAP. Follow the usual advice about using upper/lower case letters, numbers, oddball characters, etc. Yes, it’s annoying, but it’s also just as annoying to hackers, and that’s the point.
One caveat on the above: If somebody’s already hacked your email account, they’ll also be getting all your password recovery emails. So you’d better secure that first, following the same steps.
Image courtesy of ZDnet’s Zero Day blog.
* Be wary of scams. For example: the bogus “Remove Facebook Timeline” scam that is now circulating. Clicking “Continue” or “Like” on that one could allow the scammer to hijack your account. If you see an alarming message in somebody’s Facebook status updates, visit Snopes.com or just Google it and check it out before buttering it all over your page too. Odds are it isn’t what you think.