3. Secure your account.
Facebook connects 700,000,000 people around the globe. Some say it’s a tool to spread democracy in a viral way. Other people just see it as a way to tell strangers that you are “playing hooky”.
Our Facebook accounts have become, in many ways, our online selves. Our digital identities mirror our real identities in that there is some information we don’t want to share with everyone. Even if you have your Facebook privacy settings literally set to “everyone”, you still may have private messages that you do not want public. Our challenge to share the right things with the right people. And to do that, you need to keep control over your account.
There are endless ways to hack unsecured accounts . While account cracking is a tough thing for a stranger to pull off, sloppy Facebooking can make it easy for your friends to take control of your account.
You’ve already secured your browsing. Now there are a few things you can do now to protect your Facebook. They’re listed in order of importance.
Use a strong password NO ONE can guess and don’t let your browser remember it
Creating and remembering strong passwords isn’t easy. That’s why we recommend this simple system. And don’t let Firefox, or any browser you use, remember your passwords. To clear your passwords in Firefox, go to “Tools” then “Clear Private Data” the close and reopen Firefox.)
Use unique passwords for all of your important accounts (and update them every few months)
For any account that really matters—your email, your bank and credit card accounts, Facebook—you need to use a unique, strong password that you do not use for any other account. You should update the passwords of your most important accounts every few months, at least. If you recognize any suspicious account activity in your account, change your password immediately.
Make sure your system software and Internet security are updated
Updated system and Internet Security can’t stop you from making security mistakes or being the victim of social engineering. But it can prevent most of the common attacks out there. Our free Health Check will tell you if your PC is protected. Once you are updated, be sure to update your most important software including your OS, browser, media players and PDF reader on a regular basis either through our Health Check or the software developers’ sites.
Watch where you click and watch where you land
Always check the URL in your browser to make sure you’re on Facebook when you enter your private information. And if you ever have any doubt about something that has been posted in your newsfeed, follow the Golden Rule of Social Media Security and don’t click. More on the art of clicking in #6 of this guide.
Always log out
You’re not keeping hackers out by staying logged in. They still can get in and you’re leaving your account open for a snarky co-worker or invasive family member to pry. And once someone is inside your account, they can change your password to keep you out.
If you use Facebook’s mobile app, always lock your smartphone
Your phone can give an intruder access to your and your friends’ private information. An intruder could also post status updates and photos as you. This could simply embarrass your or cause actual harm to your career or private life. I also recommend using a remote lock software like our Free Anti-Theft for Mobile on your smartphone if you lose it.
How To Make Sure You Can Get Your Account Back If It Is Hacked
If you start using a new email account, update Facebook settings
If your account is hacked, you need access to the email account you have in your settings. If you can’t get into that email because it’s closed, you’ve just greatly limited your chance of recovering your account.
Consider doing what Facebook recommends
Facebook now rates how secure your account is. It’s a powerful feature, as long as you take it seriously. If your account “Overall Protection” is rated “low”, Facebook will prompt you to add some information. I suggest you do this though it will require adjusting your notifications so you won’t get messages from Facebook that you do not want to see.
Add a secondary email
Facebook asks for a secondary email. This helps Facebook because now it will be able to connect you with more friends. And it helps you if you ever lose access to your primary email, or if your primary email gets hacked. So only add a secure email account with a unique password.
You can add your secondary email by going to “Account” > “Account Settings”> Find “Email” and click on “change”.
Add your mobile number
Adding your cell phone number gives you a secondary way to claim your hacked account. It also gives you the ability to get one-time passwords, which I’ll explain later. To change or add your mobile number, go here. On that same page, be sure to edit your notifications or Facebook will be texting you nonstop. Only activate your phone for this purpose if you keep it locked when it is not in use.
Add a strong security question
Make sure you choose a question that only you can answer. The last five digits of your driver’s license are probably better answer than the name of your first pet—since your friends and family may know that. The worst answer, of course, would be one that a stranger could figure out by looking at your profile.
For Extra Protection
Activate Account Protection
Want to be notified when a new computer logs into your account? Activate Account Protection. If someone gets into your account on a device you don’t recognize, you can login to Facebook and “end activity” on that login. Then you can, hopefully, change your password before the intruder does. Once you activate this feature, you’ll have to name every device you login from. It’s slightly annoying, but it gives you the kind of control of your account that will keep your account safe.
To activate Account Protection and “end activity” on any Facebook sessions you didn’t initiate, go to “Account” > “Account Settings”> Find “Account Protection” and click on “Save”.
Use Login Approval
You can prevent someone from logging into your account with Facebook’s new Login Approvals, as long as the attempted hacker doesn’t have access access to the mobile you have connected to your Facebook account. Login approval requires a new security code sent via SMS when you attempt to use your Facebook account from a new device. This requires a one-to-two minute setup on each device you use.
To activate Login Approvals, go to “Account” > “Account Settings”> Under “Login Approvals”, click the box for “Require me to enter a security code sent to my phone” then click “Save”.
Use One-Time Passwords on public computers
If you use Facebook on public computers, such as at school or the library, you should use Facebook’s One-Time password feature. On a public computer, you have no idea what kinds of programs are running that could be used to log your account information. By using a unique password each time, you remove the risk that your credentials will be stolen.
To do this you need to set up and verify your SMS number. Go here and add in your mobile number. You’ll then need to verify the number by entering a code that will be sent to you. Once this is done, you can send a text message to 32665 with the message “otp” when you’re about to login on a public computer. Your One-Time Password will work for 20 minutes after you receive it.
Follow us on Facebook for ongoing tips on securing your account.
The 8 Most Important Ways to Protect Your Identity and Privacy on Facebook
Today is Safer Internet Day – a day to talk about what kind of place the Internet is becoming for kids, and what people can do to make it a safe place for kids and teens to enjoy. We talk a lot about various online threats on this blog. After all, we’re a cyber security company, and it’s our job to secure devices and networks to keep people protected from more than just malware. But protecting kids and protecting adults are different ballparks. Kids have different needs, and as F-Secure Researcher Mikael Albrecht has pointed out, this isn’t always recognized by software developers or device manufacturers. So how does this actually impact kids? Well, it means parents can’t count on the devices and services kids use to be completely age appropriate. Or completely safe. Social media is a perfect example. Micke has written in the past that social media is basically designed for adults, making any sort of child protection features more of an afterthought than a focus. Things like age restrictions are easy for kids to work around. So it’s not difficult for kids to hop on Facebook or Twitter and start social networking, just like their parents or older siblings. But these services aren't designed for kids to connect with adults. So where does that leave parents? Parental controls are great tools that parents can use to monitor, and to a certain extent, limit what kids can do online. But they’re not perfect. Particularly considering the popularity of mobile devices amongst kids. Regulating content on desktop browsers and mobile apps are two different things, and while there are a lot of benefits to using mobile apps instead of web browsers, it does make using special software to regulate content much more difficult. The answer to challenges like these is the less technical approach – talking to kids. There’s some great tips for parents on F-Secure’s Digital Parenting web page, with talking points, guidelines, and potential risks that parents should learn more about. That might seem like a bit of a challenge to parents. F-Secure’s Chief Research Officer Mikko Hypponen has pointed out that today’s kids have never experienced a world without the Internet. It’s as common as electricity for them. But the nice thing about this approach is that parents can do this just by spending time with kids and learning about the things they like to do online. So if you don’t know what your kids are up to this Safer Internet Day, why not enjoy the day with your kids (or niece/nephew, or even a kid you might be babysitting) by talking over what they like to do online, and how they can enjoy doing it safely.
The European Union is preparing a new data protection package. It is making headlines because there are plans to raise the age limit for digital consent from 13 to 16 years. This has sometimes been describes as the age limit for joining social media. To be precise, member states could choose their age limit within this range. Younger kids would need parental consent for creating an account in social media and similar networks. We can probably agree that minors’ use of the internet can be problematic. But is an age limit really the right way to go? It’s easy to think of potential problems when children and teenagers start using social media. The platforms are powerful communication tools, for good and bad. Cyberbullying. Grooming. Inappropriate content. Unwanted marketing. Getting addicted. Stealing time and attention from homework or other hobbies. And perhaps most important. Social media often becomes a sphere of freedom, a world totally insulated from the parents and their silly rules. In social media you can choose your contacts. There’s no function that enables parents to check what the kids are doing, unless they accept their parents as friends. And the parents are often on totally different services. Facebook is quickly becoming the boring place where mom and granny hangs out. Youngsters tend to be on Instagram, WhatsApp, Snapchat, Periscope or whatnot instead. But is restricting their access to social media the right thing to do? What do we achieve by requiring parental consent before they sign up? This would mean that parents, in theory, have a chance to prevent their children from being on social media. And that’s good, right? Well, this is a flawed logic in several ways. First, it’s easy to lie about your age. Social media in generic has very poor authentication mechanisms for people signing up. They are not verifying your true identity, and can’t verify your age either. Kids learn very quickly that signing up just requires some simple math. Subtract 16, or whatever, from the current year when asked for year of birth. The other problem is that parental consent requirements don’t give parents a real choice. Electronic communication is becoming a cornerstone in our way to interact with other people. It can’t be stressed enough how important it is for our children to learn the rules and skills of this new world. Preventing kids from participating in the community where all their friends are could isolate them, and potentially cause more harm than the dark side of social media. What we need isn’t age limits and parental consent. It’s better control of the content our children are dealing with and tools for parents to follow what they are doing. Social media is currently designed for adults and everyone have tools to protect their privacy. But the same tools become a problem when children join, as they also prevent parents from keeping an eye on their offspring. Parental consent becomes significant when the social media platforms start to recognize parent-child relationships. New accounts for children under a specified age could mandatorily be linked to an adult’s account. The adult would have some level of visibility into what the child is doing, but maybe not full visibility. Metadata, like whom the child is communicating with, would be a good start. Remember that children deserve s certain level of privacy too. Parents could of course still neglect their responsibilities, but they would at least have a tool if they want to keep an eye on how their kids are doing online. And then we still have the problem with the lack of age verification. All this is naturally in vain if the kids can sign up as adults. On top of that, children’s social media preferences are very volatile. They do not stay loyally on one service all the time. Having proper parent-child relationships in one service is not enough, it need to be the norm on all services. So we are still very far from a social media world that really takes parents’ and children’s needs into account. Just demanding parental consent when kids are signing up does not really do much good. It’s of course nice to see EU take some baby steps towards a safer net for our children. But this is unfortunately an area where baby steps isn’t enough. We need a couple of giant leaps as soon as possible. Safe surfing, Micke Image by skyseeker
We are all sad about what’s happened in Paris last Friday. It’s said that the terrorist attacks have changed the world. That is no doubt true, and one aspect of that is how social media becomes more important in situations like this. Facebook has deployed two functions that help people deal with this kind of crisis. The Safety Check feature collects info about people in the area of a disaster, and if they are safe or not. This feature was initially created for natural disasters. Facebook received criticism for using it in Paris but not for the Beirut bombings a day earlier. It turned out that their explanation is quite good. Beirut made them think if the feature should be used for terror attacks as well, and they were ready to change the policy when Paris happened. The other feature lets you use a temporary profile picture with some appropriate overlay, the tricolor in this case. This is a nice and easy way to show sympathy. And it became popular very quickly, at least among my friends. The downside is however that it seemed so popular that those without a tricolor were sticking out. Some people started asking them why they aren’t supporting the victims in Paris? The whole thing has lost part of its meaning when it goes that far. We can’t know anymore who genuinely supports France and who changed the picture because of the social pressure. I changed my picture too. And it was interesting to see how the feature was implemented. The Facebook app for iOS 9 launched a wizard that let me make a picture with the tricolor overlay. Either by snapping a new selfie or using one of my previous profile pictures. I guess the latter is what most people want to do. But Facebook’s wizard requires permissions to use the camera and refuses to start until the user has given that permission. Even if you just want to modify an existing picture. Even more spooky. The wizard also asked for permission to use the microphone when I first run it. That is, needless to say, totally unnecessary when creating a profile picture. And Facebook has been accused of misusing audio data. It’s doubtful if they really do, but the only sure thing is that they don’t if you deny Facebook microphone access. But that was probably a temporary glitch, I was not able to reproduce the mic request when resetting everything and running the wizard again. Your new profile picture may be temporary, but any rights you grant the Facebook app are permanent. I’m not saying that this is a sinister plot to get more data about you, it may be just sloppy programming. But it is anyway an excellent reminder about how important the app permissions are. We should learn to become more critical when granting, or denying, rights like this. This is the case for any app, but especially Facebook as its whole business model is based on scooping up data about us users. Time for an app permission check. On your iOS device, go to Settings and Privacy. Here you can see the categories of info that an app can request. Go through them and think critically about if a certain app really needs its permissions to provide value to you. Check Facebook's camera and microphone permissions if you have used the temporary profile picture feature. And one last thing. Make it a habit to check the privacy settings now and then. [caption id="attachment_8637" align="aligncenter" width="169"] This is how far you get unless you agree to grant Facebook camera access.[/caption] [caption id="attachment_8638" align="aligncenter" width="169"] The Settings, Privacy page. Under each category you find the apps that have requested access, and can select if the request is granted or denied.[/caption] Safe surfing, Micke PS. The temporary profile picture function is BTW simpler in Facebook's web interface. You just see your current profile picture with the overlay. You can pan and zoom before saving. I like that approach much more. Photo by Markus Nikander and iPhone screen captures