Facebook has over 1.49 billion monthly active users, with people in the U.S. spending a staggering 27 hours on the social networking site every month.
The company thinks that that kind of sky-high usage and engagement gives it certain responsibilities.
“Because people interact with Facebook so often, we’re spending a lot of time thinking about how we can play a role in helping increase security literacy overall across the internet,” Facebook security product manager Melissa Luu-Van tells Business Insider.
The company released a “Security Check-up” feature for users and continues to try to find ways to get people thinking about security, Luu-Van says. In some emerging markets in particular, Facebook could be people’s first on-ramp to the internet, through its Internet.org efforts.
“We want to help people develop that muscle memory and start thinking about security in a different way,” she says. “Good security practices are important for all your accounts and services.”
Luu-Van — who says that Facebook is trying to spread the gospel that good security is proactive versus reactive — outlined five principles that internet users should be thinking about whenever they sign up for a new internet service:
1. Always use good password practices
On the one hand, duh.
On the other, picking a strong, unique password sounds obvious, but people are notoriously pretty bad at it.
Although memorizing different passwords for all your accounts feels like a big hassle, having the same one for multiple accounts is needlessly dangerous.
Luu-Van says she recommends thinking of fairly long passwords that wouldn’t be obvious to anyone but you, or using a password manager (here are a few options). So, no “password” as your password please.
2. Login approvals — also called two-factor authentication — is a must
“You should always add this extra layer of protection to your account,” Luu-Van says.
Two-step verification is a way for websites to confirm that you are who you say you are when you try to log in, usually through a code that gets texted to you.
Here’s how to set it up for Facebook, Google, Microsoft products, and more.
3. Know what sort of “permissions” you’re giving apps
You’re probably familiar with that box that shows up whenever you download a new app, asking you to give it access to parts of your phone or information on the account you’re using to sign in (for example, if you log in with your Facebook account). You should actually pay attention to it.
You should routinely check what you’re giving different apps access to, deleting permissions for ones that you don’t use anymore and making sure that you’re comfortable with how your data is being taken, and by whom.
“We’re hoping that people will become more accustomed with reviewing the information they share with apps,” Luu-Van says.
4. Set up “trusted contacts” in case you do get locked out of your account
Instead of writing your password down somewhere so you don’t forget it (since any physical or digital documentation could fall into the wrong hands!), you should set up a trusted contact who can help you if you’re in a bind. Many services now allow you to set a back-up email or phone number to send special codes to that you can use if you’re locked out. That contact doesn’t actually get your password: Just a code to help you reset yours.
“Forgetting your password happens to the best of us, from time-to-time,” Luu-Van says. “The bigger picture here is being really proactive about making sure that you can get back into your account in case something happens.”
5. Make sure you have a legacy contact
This is the most morbid of Luu-Van’s tips, but no less important than the other ones: You should make sure that there is someone ready to take care of your digital accounts when you die.
“This stuff is super important to consider, even if it’s not something you want to be thinking about day-to-day,” Luu-Van says. “Do you want someone to be able to access these things and manage them on your behalf? You need to set up a way for someone to take care of your affairs if something happens to you.”
Learn how to set up your Facebook legacy contact — and see exactly what they can do — here.
This article originally appeared on Business Insider