
Episode 109: Security Series #1 Protecting Your Personal Profile on Facebook


Jody Milward

Key Highlights

  • Steps for best practice password security

  • How to make sure your Facebook Profile has high security

  • Where to check alerts for unauthorized logins

  • How to check whether that Facebook email is legit

  • The back door access you didn’t know about and how to remove it

  • What to do (& not to do) when you’ve been hacked ☹️

Getting hacked. It seems like it may be a case of not if, but when. Well, that’s what we’re talking about today in this episode of Online Confidential, where I take you behind the scenes to talk about ‘Secret Ad Manager’ business.

This is certainly something that seems to be on the rise. People’s ad accounts and their Facebook profiles getting hacked.

In fact, I recently met a top IT security expert who works for the Australian government. They were a former soldier, and they were one of three government military people invited over to Elon Musk’s Hackathon, where something like 200 people from various government departments, Australia, the United States and other corporate locations in the US were invited to Las Vegas by Elon Musk to hack the Tesla.

And you know what? They all did.

Hackers are very, very savvy and we as ad managers need to not only protect ourselves and our assets for our own business, but we have access to clients’ accounts too. So it’s even more important that we and our team members have the best security set up that we possibly can.

Yes, there is Facebook two-factor authentication. We all know that’s not exactly what it’s cracked up to be. People can still, when they’re malicious, get in and hack our accounts, but we need to at least make sure that we have done all that we can, and then also educate our clients to do the same things for their own accounts. Their team members need to do these things as well.

This is a big issue. There’s lots of parts to do with security, and in this video, we aren’t just talking about your own personal security and what you can do, but also what your team members really need to do as well, before we go in and look at our assets of business manager and what security we can set up there.

Is your password unique to Facebook?

So, for our personal profiles. Let’s dig into it. What security do we need? What can we set up to best prepare ourselves to avoid getting hacked?

The first thing we are going to look at are our passwords, obviously. Now, first of all, we don’t want to use a password that we’re using elsewhere. Make this unique to Facebook and make it hard, make it one that you can’t even remember. I know that sounds scary, so write it down on a piece of paper if you have to.

Or better yet, get a master password platform. There are various ones, like OnePass and LastPass, to name just a couple. Have your passwords secured there and automatically generated; see what they prompt as a password, so that it’s not going to be compromised elsewhere or on other platforms. This one’s unique to Facebook.

Now, a word on that. If you have team members that do log into your Facebook account, I know some of us do that. There are risks involved with that. Facebook could shut down your account because of unusual activity if a team member is logging in at a different location. This can even happen to you when you’re traveling and you log in from a different location.

Facebook can flag it for unusual activity and your account could get disabled. Generally, it’s just a few steps. That’s what I’ve had to do and I’ve had to verify with two-factor authentication to get back in.

But a word of warning: if you have team members accessing it, and maybe for some reason they just have to, then use a master password platform where you disable the ability for them to view the password.

So they can’t see the password. But they can still log in. That’s another layer of security. But again, word of warning when you have other people logging into your account, it’s risky stuff. Okay, so passwords, hard password, unique to Facebook, so don’t have it anywhere else. First thing, looking at our passwords.

Now that we’ve got our passwords all set up, we want to look at the security area in Facebook. When was the last time you looked there? Go there now. Check it out. You’ll get there just by clicking on that button, your little photo in the top right corner.

Facebook Personal Profile Security

Go to Settings & Privacy, then Settings, and there you’ll be able to get to all that information in the security and login area. Familiarize yourself with what is back here, all the things that are so important for the integrity of your Facebook account. Go through, check them all.

This is where you are going to see Facebook Protect. Make sure you have Facebook Protect turned ON.

Also while you’re here, have a look at the list of authorized logins. These are browsers or places where you’ve logged in or a team member is logged in and they’re now authorized to be able to get into the Facebook account without having to put in any login details. Check those. Make sure they’re as recent as possible and yours. That they are your locations.

Now, if you are using a VPN service as some people do, that may jump around a bit. And that could also cause some issues for you with regards to that unusual activity that I mentioned earlier. So have a look at those authorized login places and remove any that are no longer applicable for you.

Two-Factor Authentication

Now we come to two-factor authentication. As I said earlier, we know this is not 100%, but it’s the best we’ve got here with Facebook. Now, when it comes to the two-factor authentication there are known issues with SMS being compromised, so that may not be the best option for you to get that two-factor authentication code.

There is another option there for emails, but again, if your emails get hacked as well, that could get people into Facebook, so that may not be the best option. So look at the third option there, the authenticator app. There’s Google Authenticator or Authy. There’s a few out there.

You can set up this authenticator app so that it is the way you verify, get that two-factor authentication code and log in. It may just be more secure. Again, no guarantees, unfortunately; these hackers are really smart. But that would probably be the preferred option to avoid the SMS if it’s compromised or if your emails have been compromised.

So, two-factor authentication. Make sure this is turned on.

Now you also want to make sure that you get the alerts if people are trying to log into your account. Facebook was previously sending Messenger messages, emails or SMS to alert you. This is now, or very soon will be, just notifications on Facebook. So that’s the first sign you will get that someone’s trying to log in.

So if you’re asleep at the time, unfortunately, they’ll get in I’m afraid. You won’t be able to get an alert going off on your phone. You’ll need to have Facebook open and be able to see those notifications.


How to check whether ‘that email’ from Facebook is legit

Now at the bottom of that page, you will see Advanced Features, and this is where you can actually go and see the emails that Facebook has sent you, because I don’t know about you, but I’ve got phishing emails from places that would say, ‘your Facebook account has been compromised’ or ‘did you request a password? Click here’.

And that click is a dangerous click. It’s going to send you off somewhere where these hackers are going to get your details because it’s going to look like Facebook. You’re going to put it in because they’ve caught you off guard and you’re panicked and you just follow the instructions without taking time to look.

There is actually a list on Facebook where you can look up Facebook email addresses. There is a list of email addresses or URLs that typically are sent from Facebook. But amongst all the panic of getting this notification, head over here into your security and logins area. Go to the bottom and you will see the emails that Facebook has sent you.

So you’ll be able to see if it is a legit email and you’ll be able to respond there. Never click on a link in an email or an SMS, that’s just best practice all around these days. Come back into Facebook and check there.

Also, this is a great tip to advise your clients about. So when you have an onboarding call, include this information in it, because otherwise your client will at some point get this notification, they’ll panic, they’ll click on it, and then their account is compromised.

Put this up in your onboarding process so that your clients are educated about these kinds of things.

Now that we have gone through our security, we’ve made sure Facebook Protect is on. We’ve got two-factor authentication turned on. We’ve cleaned up that list of authorized logins and browsers. Come back over and have a look at the Apps and Websites and get prepared to have your mind blown.

Who have you given access via your Facebook login to?

These are apps that we’ve generally just assigned to be able to log in via Facebook. Oh boy. When I went and had a look at this, I couldn’t believe my eyes. It went back to apps from 2010. And these are ones when we’re just on the go and we need to use this app. It’s very easy because we’re always logged into Facebook.

We just tap the app and we can use our Facebook login. These apps are actually another area where our accounts can be compromised. So go in and check the apps and I’d suggest you remove any apps that really, really are not essential to you using Facebook. I had apps that went all the way back to 2010, and this is an extremely painful process.

Only nine will appear at a time and you think, oh, phew, I’ve got it done. And then you click see more and boom, there’s another nine and see more, there’s another nine. You can’t just check all the boxes and delete them all. It’s one by one. So get comfy, go and turn on Avatar on the TV, and just go through because it’s going to take a while to go through and remove all these apps that you may have added.

Like I said, this is something that your team members really need to do as well, so if they have access to your business manager, access to client’s ad accounts, they really need to do this as well.

Okay, so you’ve checked all your security, you’ve gone and removed all those apps, and you’ve enjoyed watching Avatar, Jake Sully and all of that. But what happens if the worst happens and your account is compromised and you’re hacked?

Well, hopefully you’ll be there on Facebook. You’ll get that notification.

What to do (& not to do) when you’ve been hacked

One of the things is to act FAST.

So you’ll get that notification on Facebook. Great, head over there. Change your passwords.

If you haven’t had that opportunity, maybe you see an email that comes through. This is when we can panic. We’ll get the email saying that your new password has been requested and you’ll go, ‘I didn’t do that’.

So you click on the link in your emails. Again, don’t do that.

Make sure that you head over into your Facebook profile to Settings, Settings and Privacy, and get into your security info.

Go down to the bottom there to the Advanced Settings and make sure that the email actually did come from Facebook, so that it’s not a scam and you aren’t setting yourself up.

Come over, check it out here on Facebook, see if it was actually from them. If it was, get in there, change that email. If it’s too late and you can’t log in via your email, go to the login page and click on Forgot Password.

When it comes to Forgot Password, you’ll then likely (at the time of recording) be prompted to get your email or the verification details or a code sent to you, either by your phone number, email, or SMS.

If you can see that any of those contact details are still yours, then select that option. If the hackers have unfortunately removed your emails, removed your phone numbers, and any of those things, click on the button that says ‘I no longer have access to these’. This is where we’re actually going back to our two-factor verification.

You also have the option to download codes. Download the codes and see if they may be able to help you log in at this time.

If all of that fails, if they have kicked you out and you can’t get in, you can go to facebook.com/hacked and you can start conversing with Facebook there to let them know of the situation and hopefully resolve this for you.

Now, there is no timeframe. This could take days, it could take weeks, unfortunately.

Consider becoming Meta Verified

This is where possibly Meta Verified could be helpful. It’s that paid subscription service. It came out here in Australia and, as at the time of recording, it’s just come over to the USA, and people are still on wait lists.

Fortunately, I had been able to get it and I know some other people who were able to get it also.

Someone had their Facebook account shut down for unusual activity, but because they had Meta Verified on Facebook and they also paid for this subscription over on Instagram, they actually went over to Instagram and went to the Meta Verified Support on Instagram. It was by being able to access Support there that they had a speedy response, their page was up again, and they were able to get access to it in just a matter of hours.

So no guarantees about whether Meta Verified would help you in a situation like this. But if this is your job, if this is your livelihood, then having Meta Verified can be a very, very worthwhile investment for your business if it can help you to recover any accounts and speed up that process for you.

That’s something to consider getting, so that if the worst unfortunately does happen, you may have that as an additional place where you’d be able to get action taken fast.

So I hope you’ve found that valuable today.

As I said, this is something that you really need to do and your team members need to do, anyone that has access to your business manager, access to client accounts, access to your profile, this is essential that all your team members go through this as well.

So, I’d suggest having this video on hand.

Arrange a time in your next team meeting or arrange a team meeting ASAP and go through this entire process together. You can all watch Avatar together. Do a watch movie thing, a shared movie thing on Netflix or Amazon or whatever to remove all those apps and go through this together.

Otherwise, and this again is what we often hear, it may be one of your team members’ accounts that has been hacked and compromised, and that then compromises your account and your clients’ accounts.

It’s essential that they do this, and therefore this could be something that needs to be incorporated into your contractor agreements or employee agreements because of the nature of the work here: that with their Facebook accounts, they need to do x, y, and z. Something to consider.

I hope you found that valuable.

If you have any questions, just leave them below or send us an email at success@socialcharlie.com. We’ll be happy to answer them for you.

So that’s it for today. Thanks for joining me. Stay safe. Bye for now.
