A friend of mine logged into her account yesterday after 2 weeks of being off facebook, and was devastated to see that she had shared pornographic images with friends and family; I had a good laugh about it, but she was madd... After seeing an outburst of facebook accounts being hacked, including lots of my friends accounts, and reading a 2011 survey which showed that 30% of teen’s accounts had been hacked – by a friend! I have decided to share some knowledge on things you can do to reduce the risk of your facebook account being hacked. There are mechanisms things you can use to protect your account from being hacked, we will go through each one of them in detail here, and how to implement each one.
Enable Facebook Security
Facebook has already implemented some mechanisms to provide security features for your account. So, lets get to securing your account; on the facebook menu bar at the top to the far right there is a little arrow, when you click on it, there is a nice dropdown there. From that dropdown, select "Account settings" and this will take you to a page with your account settings.
When on the Account Settings page, there is a menu on the left of your screen, Click on the Security tab from that menu, and you will be taken to a page looking like this:
On this page you would want to ensure the following sections are setup properly.
Your security question is used to retrieve your account in the case it has been hacked, blocked, etc. Security questions are also used to reset passwords if you have forgotten your password. Set a security Question.
Enable Secure browsing
Enabling Secure browsing means that from now on you will be browsing facebook over a Secure Internet Connection. Secure Connections can reduce the risk of successful hacking attacks by over 90% (More on secure connections at: http://cleverlogic.net/articles/secure-socket-layer-overview
Enable Login notifications. Login notifications give you a Facebook notification every time a new or untrusted device logs into your account.
Setup Recognized Devices
This is a process of telling Facebook about devices you own and use to access Facebook. Doing this would tell facebook to only allow your computer and mobile phone to use your account, any other device connecting to your account would need to enter a Security code that you will setup in this process. Remove all devices from this list that don't look familiar to you.
Enable Login Approvals
This feature requires that you have a cell phone capable of receiving text messages. When enabled, you will receive a code via text message if your account is accessed from an unrecognized location.
If you don’t have many apps associated with your Facebook account, you can probably leave this off. If you do enable login approvals as described above, and you do use apps such as Skype through Facebook, then you may want to set app passwords. You can read about this feature on Facebook Help and Inside Facebook.
Remove all active sessions except your current session. Every time you log into Facebook, a session is created which stores your login information so that the next time you open the browser, you remain logged into Facebook. You may have been logged in from a few devices therefore closing all of these login sessions ensures your account cannot be accessed from any device except the currently used one.
Use A Strong Password
The first and most important thing you can do to protect your account is to use a VERY STRONG password. Facebook allows and advises passwords to be a combination Upper and Lower case letters, numbers and other characters. People use common words, etc because they are easy to remember, so i'm not telling you not to use common words and forget your password after 1 day. However, if we use a combination of common words and dates and maybe patterns, we can thereby create a strong password. Take an example: Say I like cricket and use cricket India in my password, and my date of birth is 2011-10-15th. A strong password would be a combination of these, and maybe putting in uppercase somewhere there, so we can have a password like "Cricket_2011-10-15_India". That there is a very strong password, yet very easy to remember. Note: This is not my password, so don't go trying it.
Avoid Open Wi-Fi
STOP Using open Wi-Fi networks, open Wi-Fi networks are those that are not password protected. When Wi-Fi networks are open like this, anyone on the network can view all data that is being transferred over this network. They can use simple methods and steal your password or session information, and use this to gain access to your account. A tutorial demonstrating the simplicity of this attack can be found here: http://cleverlogic.net/tutorials/session-hijacking-facebook-accounts
Maintain Public and Private Email Addresses
The email address you use for Facebook should be distinct from the one you use where security is more critical – such as your online banking or Paypal account. If your Facebook account gets hacked its embarrassing. If that is the same email used on your more secure accounts, now that vulnerability could be costly. Obviously, if you are selective with your email addresses and periodically change your passwords, you minimize your chances of being hacked. Did you know that anyone can search Facebook for an email address? For example, if you are looking a common name such as John Smith, you only need to search with their email to find the right one. This is handy for finding your friends on Facebook, but also useful for hackers. The safe bet is to use distinct passwords for your public and private email addresses. There are even more ways to protect your Facebook and other online accounts, but these 5 are the most essential, and they are specific to Facebook, which seems to be the site that is the most vulnerable.
Another way you can protect yourself from hackers is by logging out of your account when you are finished using facebook. Doing this will help block hackers, though it will be a bit complex for me to explain why here. However, just to share: hackers widely use an attack called Session Hijacking, and doing this can help prevent this attack. More on session hijacking can be found here: http://cleverlogic.net/tutorials/session-hijacking-0
Review Permissions Granted to Third Party Apps
When you grant access to Facebook apps, those permissions endure long after you stop using them. Go to this link to review your Facebook app permissions – and disable any you are no longer using. You will probably be surprised at the long list permissions your have previously granted!
What to do if your Facebook account has been hacked
If your account have already been hacked, facebook have provided some mechanisms to help you recover your account.
Go to https://www.facebook.com/hacked
and follow the instructions on-screen. You’ll go through three steps:
Verify your account and change password. You’ll be asked to identify your account, change your password, and change the password associated with the e-mail account that you use for Facebook.
Review and fix anything the cybercriminal changed.
So these are basically some of the ways we can help to protect our facebook accounts from hackers, some of these methods can also be used to prevent other accounts. I Hope this article has been helpful to you guys, If you have any comments, suggestions or anything to add to the article, please post it in the comments section below.