Instagram and Facebook accounts are prime targets for scammers — a hijacked account is used to scam your followers, sell fake products, or hold your account ransom. Here is a 9-step hardening guide that makes your social accounts nearly impossible to hack.
Why This Matters
Scammers actively target Instagram and Facebook accounts because they have built-in audiences of your contacts. A hijacked account can be used to run fake giveaways, sell counterfeit products, or send phishing links to all your followers — all while you are locked out.
Step-by-Step Guide
1. Enable two-factor authentication on Instagram via Settings, Security, Two-Factor Authentication.
2. On Facebook, go to Settings, Security and Login, then Two-Factor Authentication.
3. Set your profile to Private so strangers cannot see your followers or contact list.
4. Review all third-party apps connected to your Instagram and Facebook under Apps and Websites in settings — revoke access from anything you do not recognise.
5. Never click login links sent via DM or email — always log in by typing the app name in your browser or opening the official app.
6. Set up a Trusted Contacts list on Facebook for account recovery in case you are locked out.
7. Regularly check Login Activity in Security settings to see if any unrecognised devices or locations have accessed your account.
8. Use a strong unique password for each social account — do not use the same password as your email.
9. Be extremely cautious of DMs from brands or accounts offering sponsorships or prizes that ask you to log in via a link.
✅ Quick Tips to Remember
- Enable 2FA before you get hacked — recovery is much harder than prevention
- Review connected apps every few months and remove unused ones
- Your social account email is the key to recovery — protect it equally well
- Never share your login OTP with anyone, even if they claim to be Instagram support
- Instagram and Facebook will never DM you asking for your password
Common Mistakes to Avoid
- Reusing your email password on social media accounts
- Clicking login links in DMs, even from accounts that look familiar
- Keeping old apps connected to your social accounts without reviewing them
⚠ Warning Signs You Are Already at Risk
- Friends tell you they received strange messages from your account
- You see posts you did not make
- You receive login notifications from locations you have not been to
- Your account email or phone number was changed without your action