Are Facebook Protect emails a scam or legit?

Q: I keep getting emails that say that I need to turn on Facebook Protect – is this a scam or is it legit?

A: We’ve all been warned that phishing emails are one of the most common methods used by hackers to compromise our accounts, so it’s natural to suspect anything that looks like it’s coming from Facebook.

Facebook Protect was initially launched in 2018 to help high profile political candidates and elected officials better protect their accounts.

Facebook is now alerting anyone that they deem to be capable of reaching a large audience that they too should update their security settings.

The primary focus of this effort is to get those that have not setup 2-factor authentication on their Facebook accounts to do so.

2-factor authentication registers your cell phone number as an authentication method whenever Facebook sees that you are logging in from a new device or browser that they don’t recognize.

A temporary code will get sent to your cell number that will be required to gain access to your account.

This extra layer of security dramatically reduces the ability of an account compromise even if someone steals your username and password unless they also steal your phone at the same time.

Don’t Click On The Email Link
Despite the likelihood of the email message being legit, there is always a chance that someone has created a similar looking phishing message, so don’t ever click the link in the message to play it safe.

The safer approach is to go to your Facebook settings on a computer by clicking on the triangle icon in the upper right corner, then on the ‘Settings & privacy’ menu and then on ‘Settings’.

On the left hand side, click on the ‘Settings and Login’ option and scroll down until you see the ‘Facebook Protect’ option to get started.

If you have already set up 2-factor authentication, the ‘Facebook Protect’ option won’t appear, but there may be additional security settings you can turn on which will appear in the ‘Recommended’ section at the top of the ‘Security and Login’ page.

If you’ve been using the same Facebook password for years or one that you use elsewhere take a minute and change your password to something that is at least 15 characters long.

Using passphrases that you can remember that are longer such as ‘IHatePasswordsin2022!’ are much more secure than shorter passwords that are complicated and hard to remember. 8 character passwords are virtually useless with today’s powerful brute force hacking tools, so if nothing else, use your current 8 character password twice to improve security.

Another worthwhile setting to change is how Facebook will alert you when it detects a login from a location they don’t recognize.  You can choose to be alerted via a Facebook notification, by email to the account(s) associated with your profile or both.

While you are reviewing your security settings, take a minute to review the section titled ‘Where You’re Logged In’ to make sure you recognize all the devices and locations.  Anything that you don’t recognize or is from an old device can be removed by clicking on the three dots to the far right of the entry and clicking ‘Log out’. If you don’t recognize a device, make sure you change your password to play it safe.