A Facebook friend of mine posted a video recently from a rather flustered Scottish gentleman who claimed that copying and pasting those “copy+paste if you care about Jesus / The Constitution / The Children / Cancer / Endangered Australian Collywobbles” statuses would somehow leave you vulnerable to attack.
His reasoning was pretty straightforward:
Copying those statuses makes your profile searchable via the words in those statuses (true) ⇒ hackers could then use those words to search for your profile (true) ⇒ *H4x0r Wizardry Ensues* (probably not very true) ⇒ Hackers now own your Facebook (false)
The problem with this is that there is no way that showing up in a Facebook search result leads to your account being compromised. That would be a pretty huge fucking deal for Facebook, I think. If their search feature could be exploited like that.
And if it could potentially be exploited like that (Pro-Tip: It can’t), then the status means nothing. The hacker could just search for dudes named “John” and accomplish the same goal.
If the threat of cloning your profile and then using the cloned profile to send bad things to your friends and family is something you’re worried about, then you can mitigate that risk by just upping your privacy settings. Set your profile so that only your friends can see anything, and that’s solved. The hacker will just see a blank profile and move on.
Another thing you can do is refuse to keep too many pictures or personal information on your profile. I have very little personal info and very few pictures on my Facebook, and I only keep one status up at a time. Even if my privacy settings weren’t maxed out, there’s really nothing there to take.
Your friends and family should also be aware of who they’re accepting friend requests from and how they’re using Facebook in general. In fact, here’s some quick rules for safely using TheFacebook.
Quick rules for safely using Facebook
- Never share anything you don’t want the whole world knowing.
- Never accept friend requests from people you don’t know.
- I wouldn’t even accept a friend request from someone who isn’t in my phonebook.
- Never accept a friend request from someone you think you’re already friends with. If you get what you suspect is a duplicate request, text or call the person and ask them.
- Don’t post pictures of your vacation during your vacation.
- Avoid getting too personal. It’s a public platform. Everyone is watching.
- Avoid posting pictures at all.
- Don’t make status updates.
- Delete your Facebook.
- Don’t use Facebook.
So there are 9 rules for safely using Facebook. In addition to those 9 rules, I’m going to show you 8 steps to hardening (or securing) your Facebook account against hackers.
If you follow this guide, you can rest assured that you’re reasonably safe from evil and malicious Russians who seek to elect global leaders that don’t like George Soros.
How to secure your Facebook against hackers
The first thing you need to do is get yourself hooked up with a real password manager. You can do that by getting LastPass for free by clicking here (Note: Affiliate Link. If you sign up for LastPass using my link I get a month of LastPass Premium for free).
LastPass is a software tool that will change all of your passwords to random, hypersecure passwords, and then encrypt them on your device and remember them for you. Each day, you enter your one password into LastPass and it will remember and automatically enter your passwords on websites for you.
With LastPass you will not know your Facebook password, and neither will anyone else. The generation, change, and encryption is done on your local machine, so no one can have access to it.
Come back here once you’ve done that and we’ll get started.
Step 1: Access your settings
Step 2: access your security settings
step 3: check where you’re logged in from, log out any unauthorized sessions.
Once you’ve accessed your security settings, the first order of business is making sure you’re only logged in from your current computer. There should be an option to log out other sessions. This will immediately revoke access to anyone else who is on your profile from another location, like the Apple store or something.
Step 4: revoke access to unrecognized devices.
Right, so then the next option down will show you any devices recognized by Facebook that are allowed to access your account. You should see your computer, your phone, and maybe a tablet if you have one. Just revoke access to anything you don’t recognize. Worst case scenario, you have to log in again on your phone.
step 5: turn off “profile picture login”
Just turn this off. While it only applies to your machine, if someone were to gain physical access to your computer (nosy spouse, thief who broke in to your home because he knew you were on vacation, etc.) they would have access to your Facebook without any effort. Convenience is often the bane of computer security.
If this setting is enabled on your profile, you’ll see those options above. Click the “turn off profile picture login” option on the bottom there.
If successful, your screen will reload and look like this:
step 6: enable login alerts
Enable both of these. If you’re currently using Facebook, you’ll get a notification alert (and, on your phone, a push notification) that your account has been logged in to elsewhere.
If you aren’t using Facebook currently, those notifications will be waiting for you, but you’ll also get an email about the whole thing.
step 7: enable two-factor authentication
The next step is to enable-two factor authentication on your Facebook account. This makes your cell phone act as a security key so that whoever is attempting to access your Facebook profile will have to have your specific phone in order to log in to the account.
Every login attempt will require a secret code that is randomly generated by Facebook and then texted to your phone, or randomly generated through an Authenticator app.
I’ll show you how to set up an Authenticator app (I use Google’s) in this guide.
The first step is to click that ‘enable‘ link up there. Once you do that, you’ll get this pop-up here. Make sure to uncheck that stupid box.
Once successful, you’ll see this message:
You should be automatically set up for text message codes, but those can be annoying and fill up your inbox. Instead, let’s activate an authenticator app.
Click the link under “Code Generator” that says “third party app”. This will open up the following modal box:
It will have a secret key and a QR code. Open up the Google Authenticator app on your phone (or whatever app you use), and click the plus button in the bottom right corner to add a new login (or however your app does it).
In the Google Authenticator App, you will be given the option to scan a QR code. Tap that, and then scan the code on the screen.
Google will then instantly verify the property and give you a security code to enter into that box there labeled “security code”.
Enter that code, click confirm, and you’re done. Now, whenever anyone wants to log in to your account, they’ll have to pull up the authenticator app on your phone and enter a security code along with your random, hypersecure encrypted password. And if they manage to do all of that, you’ll be instantly alerted, whereupon you can log them out and change your password.
Voila! You have a secure Facebook profile.
If found this useful, do me a favor and share it.