A good friend of mine recently had their Facebook account hacked and it took several days to get things back under control. Even though I had taken some steps to try to prevent this from happening to me, I decided it was a good time to review what I had done and see if there were any improvements that I could make. I did find a few things to do and have taken those steps to increase the level of protection around my account. Here is a review of what you can look to do to prevent your Facebook account from being taken over by someone else. Don’t feel that you have to implement these all at the same time. Gradually putting these steps into effect will help you get used to the change in the login process. The only thing that is worse than only doing one or two of the steps that I will outline will be to do nothing at all. All of the settings I refer to can be found under your Profile on Facebook under Settings, Security Settings.
1. Use a Strong Password
For those that aren’t familiar with this term, a Strong Password is one that contains (where permitted by the website or service) a combination of lowercase letters, uppercase letters, numbers, punctuation or other special characters. The longer the password is, the longer it will take for someone to guess or hack your password. This is an area where I am probably as guilty as everyone else. I have a “favorite” password or two that I liked to use in the past. This kept me from having to have a way to keep track of all the passwords that I used on different websites. With more websites adding additional layers of security such as challenge questions, etc., I have had to start using a password manager app to help keep track of the different passwords, the challenge questions and answers used on a particular website, the recovery procedure if I am locked out of a website, what additional login procedures I have used for that site, etc.
I use a password manager app called mSecure. It is a multi-platform (i.e. Windows, Mac, Android, iPhone, etc.) app so that you have close to the same interface regardless of how you are using it. It also has several different ways to synchronize the password database so that you should also have the same version of the login information on each of the devices that you use it on. There are a variety of apps to choose from in this area, so look for the one that works best for you.
2. Use a Unique Password
This one will be a bit of a pain but the time taken to do this will pay off in the long run. Look at it this way: if one of your logins on a particular site is compromised or hacked, you have taken a step to minimize the potential for additional website logins to be breached as well. Most password manager apps have the functionality of helping you generate a unique password. There are other apps that do this as well. A search of the app store for your phone or the internet for your laptop/desktop should show you some options to look at.
Different websites have different rules for how you can make your password strong. Some will let you use “special” characters such as * or +, others won’t let you use those characters but will make sure that you don’t use a password that can be looked up as a dictionary word. Some will not allow the same character or number to be used repeatedly. Remember, the more unique a password is, the more difficult it is for someone to hack your account.
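The site rules described above (which special characters are allowed, no dictionary words, no repeated characters) can be checked mechanically while generating a unique password. The following is an added example, not code from the original post; the function names, the small word list and the length floor are assumptions made for illustration.

```python
import secrets
import string

# Constructed stand-in for a real dictionary list; a site would use a far larger one.
COMMON_WORDS = {"password", "facebook", "letmein", "welcome"}


def violates(password, specials, allow_repeats):
    """Return the first site rule the candidate breaks, or None if it passes."""
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits]
    if specials:
        classes.append(specials)
    if any(not set(password) & set(cls) for cls in classes):
        return "missing a required character class"
    if any(ch not in "".join(classes) for ch in password):
        return "character not permitted by this site"
    if not allow_repeats and any(a == b for a, b in zip(password, password[1:])):
        return "same character repeated"
    lowered = password.lower()
    if any(word in lowered for word in COMMON_WORDS):
        return "contains a dictionary word"
    return None


def generate(length=20, specials="*+!#", allow_repeats=False):
    """Draw from the OS CSPRNG until a candidate satisfies every rule."""
    if length < 8:  # illustrative floor, not a figure from the post
        raise ValueError("password too short for the rules to be satisfiable")
    alphabet = string.ascii_letters + string.digits + specials
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if violates(candidate, specials, allow_repeats) is None:
            return candidate


if __name__ == "__main__":
    print(generate())                      # site that allows * + ! #
    print(generate(16, specials=""))       # site that allows no special characters
```

Passing `specials=""` models a site that rejects special characters; each call yields a different password, which is what makes it usable as a per-site unique password.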
3. Login Approval from Cellphone
This is an option under the security settings in your Facebook account that will require the entry of a 6 digit code sent by Facebook via SMS to the cell associated with your user account. If you have enabled the two factor authentication described later, this setting won’t be enforced as you are using something that is considered more secure at protecting your account. If you don’t want to implement two factor login or aren’t comfortable with doing so at this point in time, this is an option worth looking at as an additional precautionary measure. I have seen one exception to this after I enabled it and cleared all of the open or active sessions: I get prompted for an SMS code instead of a pin from the Google Authenticator app when logging in using the Facebook app on my smartphone.
4. Login Alerts
You can have Facebook send you an email or text when a login is attempted from a browser that isn’t recognized. Even with two factor authentication set up on my account, this is an additional level of notification: I get notified when logging in, which reminds me that if I get this kind of email and I haven’t logged in, I should check for a problem on the account.
5. Code Generator
This could be worded a little differently as it initially doesn’t make a lot of sense. Google created a two factor authentication service several years ago. If you haven’t heard of two factor authentication before, look at it this way: a password is something you know, the code from a login token app is something you have – hence the name two factor authentication. Using the Google Authenticator App and your smartphone, you establish a link to your Facebook account. During the login process, you then enter a constantly changing 6 digit pin from the Google Authenticator App, which increases the level of difficulty of someone logging in as you. You can find this in the app store for your Android or iPhone smartphone by searching for “Google Authenticator”.
During the registration/setup process for the Google Authenticator app or whatever compatible app you are using (such as Authy), there is what is known as a QR code that will be displayed on the screen. You will use the camera on your smartphone to “read” the QR code. This gets the information into the app you are using for two factor authentication without having to enter a long string of numbers and letters. Since other social media and websites are also starting to use this two factor system, I usually take a screenshot of each QR code that I have used to set up the two factor app on my phone so that when I change phones, and I do, the process of setting up the two factor app on the new phone will be a little less painful.
6. Remember Browser screen prompt
This is a question that you will get during the login process where you can “remember” the browser that you are logging in from so you don’t have to use all of the additional login steps that you have just put in place. I would suggest answering no to this one every time you log in. This may be a pain but look at it this way – if your mobile device or laptop is stolen, you have just added an additional level of protection by requiring that the two factor authentication process be used on every login attempt. If you do happen to Remember the browser you are using, that will supersede the use of two factor authentication for this browser. You can get that to work again by following what is suggested in the next step.
7. Delete all active browser and app sessions that Facebook knows about
I initially didn’t do this and wondered why the additional levels of security I had enabled weren’t taking effect. The best plans in the world aren’t any good unless you make sure that they are actually working. This is a setting that you will need to periodically review to make sure an errant session hasn’t made its way into the list and therefore made it easier for someone else to get access to your account.
8. Logout of Facebook
This is another area that I am guilty of as well. When in a hurry, I just close the app or browser session instead of logging out. Taking just a second or two to use the logout process might be the one thing that could make it more difficult for someone to login to your account the next time.
I hope that these steps help you keep your Facebook account safe from unwelcome visitors. If you have any questions or would like to see what additional precautions can be taken for another social media account, website or service that you use, please contact me using the Contact Me menu option at http://www.ronnutter.com. Please click here to get automatically notified of future articles on this and other topics – http://www.ronnutter.com/list/.