Wanda writes: I am getting emails each day telling me someone is trying to get into my Facebook account. How do I stop this!

Hi Wanda! If you’re receiving alerts from Facebook about login attempts on your account, and it wasn’t you, that’s a problem. The good news is that there’s still time to stop would-be hackers from cracking your Facebook account. Here are five things you need to do right away, starting with…

Change your password

If you suspect someone is trying to log into your Facebook account, change your password, pronto.

Facebook change password

Just click the little downward arrow on any Facebook web page, click Settings, click Security and Login in the left column, then click the Edit button next to Change Password.

So, what should your new password be? Ideally, it should be at least 10 characters, including a mix of letters, numbers and symbols, and you should avoid recognizable words. If that sounds like a royal pain, a password manager can offer some much-needed assistance.

Bonus tip: You can perform most of these security tips on the iOS and Android versions of the Facebook app. To get started on iOS, tap the More button in the bottom corner of the Facebook app, tap Settings, then Account Settings. For Android, tap the three-line More button in the top-right corner of the app, then tap Account Settings.

Related: How to view everything you’ve ever liked on Facebook

Turn on login notifications

Even the strongest of strong passwords won’t stop a determined hacker from sneaking into your Facebook account, and that’s where this next security precaution comes in handy.

Facebook unrecognized login alerts

You can set Facebook to warn you whenever someone logs into your account from an “unrecognized” device—something other than the laptop, phone, or desktop PC that you use for Facebook each day.

Click the downward arrow in the top-right corner of any Facebook page, click Settings, then click Security and Login in the left column.

Next, in the Setting Up Extra Security section, click the Edit button next to Get alerts about unrecognized logins, then specify how you’d like to get your alerts, including via email, text, or Facebook web alerts.

Related: Put posts from your besties at the top of your Facebook news feed

Log out of Facebook sessions that you don’t recognize

Got a funny feeling someone else is using your Facebook account? There’s an easy way to view all your active and recent Facebook sessions, and log out of some or all of them.

When you log out of a Facebook session, anyone using that session will be unceremoniously logged out—and if you’ve just changed your Facebook password, they won’t be able to log in again.

Facebook security log out of session

Click the downward arrow in the top-right corner of any Facebook page, click Settings, click Security and Login in the left column, then check out the Where You’re Logged In section.

If you see any sessions you don’t recognize (make sure to click the See More link to see all your open sessions at once), click the three-dot button next to the session and click Log Out (to simply log out that individual session) or Not You? (which will take you through a series of steps to secure your Facebook account.

To log out of all your open Facebook sessions at once, click the Log Out Of All Sessions link at the very bottom of the list.

Related: How to keep the world from seeing your Facebook friends list

Turn on two-factor authentication

One of the best ways to keep hackers out of your Facebook account is by enabling a second layer of security above and beyond your password.

With two-factor authentication switched on, anyone who tries to log into your Facebook account from an unknown device will have to have to have a second code besides your password.

Facebook iOS app Code Generator

There are a variety of different ways to get the second code, which is generated by Facebook and different every time. You can get them delivered via text message, or using a “code generator” on the Facebook for iOS or Android app, which gives you a new authentication code every 30 seconds. You can also print out a series of 10 codes that you can keep in a safe place, handy if you’re travelling. Last but not least, you can use a U2F security key, which lets you authenticate yourself using a USB stick.

To get started, return to the Security and Login section (click the downward arrow, click Settings, then click Security and Login), then click the Edit button next to “Use two-factor authentication.”

Now, go ahead and enable the two-factor authentication you’d prefer to use. (If you’re familiar with the Facebook for iOS or Android apps, I recommend the Code Generator option.)

Related: View your Facebook profile as strangers see it

Pick some “trusted contacts”

Let’s say the worst happens: a hacker breaks into your Facebook account and changes your password, effectively locking you out. Now what?

Well, you can always ask Facebook for help, but you’ll have to convince them you’re you before they let you back into your account. If you plan ahead, though, you can save yourself the hassle.

Facebook trusted friends

Facebook’s “trusted contacts” feature lets you pick three to five Facebook friends that (you guessed it) you trust completely. If you lose control of your Facebook account, you can call your trusted Facebook friends, who can then help you regain access your Facebook profile.

Click the downward arrow in the top-right corner of any Facebook page, click Settings, click Security and Login, then click the Edit button next to Choose 3 to 5 friends to contact if you get logged out.

Facebook will notify anyone you add to your “trusted” list that you’ve picked them as a trusted contact, although they won’t get alerted if you remove them from your list.