It's important to proactively secure your social media accounts, especially since you never know when an innocuous mistake could put you at risk[1]. But it isn't just a theoretical threat. Pranksters, vandals, and malicious attackers all look for ways to get into any legitimate account they can. So while you don't need to hide in a hole, there are some worthwhile (and easy!) steps you can take to keep your accounts from being hijacked.
Make the Most of Your Device Lockscreen
Set all of your computing devices[2] to lock quickly when you stop using them so you have protection from physical attacks. This mostly applies to reducing pranks and blocking rogue toddlers, but it doesn't hurt for defending against more extreme targeting as well. And don't forget to use a strong passcode or biometric to guard devices. If the unlock code for your phone is your birthday, you're not making it that difficult for someone to break in.
Use a Strong, Unique Password and Two-Factor Authentication
Dealing with passwords and two-factor is the single most important thing you can do to lock accounts down—that's why you've heard it a million times. One of the easiest ways someone can get into your account is by acquiring leaked credentials, and trying those email and password combinations across on other services. That threat goes away if you use different passwords across all of your accounts. (To make that a little easier, pick up a password manager[3].)
And requiring a second code, or "factor," to log into accounts means that even if an attacker does get your password, they'd also need control of a second device—usually your smartphone—to break in.
To add two-factor authentication on Facebook, go to Settings > Security and