Facebook (and Online) Security, A PSA.

This a Public Service Announcement. A friend of Logical Developments had their Facebook account hacked, and so we thought it best to address the issue of online security. This is a basic overview, and not at all the definitive word on all things security.

What do we mean by the word ‘hacked’? Hacking isn’t when a friend finds your phone or computer already logged onto Facebook (or any other account), where they proceed to post a joke status, or tweaked a profile detail. ‘Hacking’ as defined by the Australian Government (at Stay Smart online), refers “to unauthorised access of a system or network, often to exploit a system’s data or manipulate its normal behaviour”. A hacker might try to break into your Facebook account because they want to use your personal details (Age/date of birth, location etc.) and your password in order to gain access to something like your finances. The underlying assumption is, users only have a handful of different passwords at most or variations of the same password.

Preventative measures:

Reset your password. Facebook suggests making it unique and to avoid using common words. A good option for a password is four random, but memorable words strung together – the comic xkcd has a good explanation accompanied with a memorable example.

Once you’ve reset your password, ‘Two-factor authentication’ (2FA) is worthwhile tool to enable. While it might feel a bit much for Facebook, given all the personal information that we share, it’s a proverbial gold mine for clues to breaking into other ‘more important’ accounts. As such, it’s worth making it hard for others to gain access to it. 2FA “provides a way of ‘double-checking’ that you’re really the person you’re claiming to be”. With 2FA enabled, your account will ask for a code sent to either your phone number via SMS or to a dedicated application (such as Google Authenticator). This is done whenever you log in from a new device, or want to change account details (like changing email addresses or changing passwords). 2FA also comes into play if Facebook thinks you’re acting strange.

As mentioned above, you can use your phone number and have codes texted to you, or you can use a dedicated app on your phone. While using your phone number might be more convenient (because it might already be in your details), it is more secure to use an app (and doesn’t require you to give out your phone number if you haven’t already). Don’t just use it for Facebook, see if any other sites you use has 2FA available.

If you’re worried about trying to create and remember a dozen or so new and unique passwords, you can try a password manager. You could get away with using the ‘keychain’ built into your browser of choice, but if you want to have a solution work across all your devices a dedicated application is the way to go. There are programs such as LastPass and Dashlane (You can find a list over at Cnet) or by Googling ‘Password Manager’. Both LastPass and DashLane have free or a paid subscription options.

Password managers can remember all of your unique passwords, and can auto fill many of your favourite websites with your login credentials. All you need to do is create a strong password (like the xkcd one) and away you go. After that, your password manager can generate passwords for you so you don’t have to.

To stay safe, reset your password (make it unique!), consider a password manager and turning on Two Factor authentication. Facebook also has a security check upthat you can complete. Another thing to consider is checking your privacy settings – by default your profile is very open and easily found (try googling yourself and see what comes up).

Beyond that, you can further protect yourself by reading up on common scams and phishing attempts (Facebook has a summary here). If you think you’re Facebook account has been hacked go here), and if you think a friend has had an account hacked go to their profile and report them (the option is next to the ‘message’ button under the ‘…’ button which can be found under their cover photo). Also, don’t forget to maybe lodge an incident report with the authorities!

Tagged with: , , , , ,