So everyone hears about someone’s Facebook account getting ‘hacked’ these days; they even report it on the news every so often. I’ve got a problem with that word: “hack”. We need to acknowledge that the word ‘hacked’ is a slight exaggeration; a more accurate word is ‘hijacked’. The difference in the semantics is significant; ‘hacking’ implies this person did it:
Meanwhile, in the usual case, hijacking implies this:
I’m sure those images speak a thousand words, but just in case they didn’t, here’s the difference in words.
How people could hijack your account:
1. You forgot to log off from a public PC
2. You didn’t log off from your PC and allowed someone to use it
3. Someone has access to your phone, because it’s stolen or you just lent it to them
How people could hack your account:
1. Brute-force guess your password (ok, technically this is still hijacking, not hacking, but I’ll leave it here anyway)
2. Break into Facebook’s servers, right through their million dollar firewalls and sysadmins
How To Protect Yourself
1. Enable SSL on Facebook
This protects you from Man In The Middle attacks, which are especially a problem if you’re browsing from a public location (e.g. a cyber cafe). To do this, go to the settings page on Facebook (here) and turn on “Secure Browsing”. This should be enabled by default anyway.
2. Clean up your sessions
Facebook makes this pretty easy. This page lets you view where your account is currently logged in from. If you do not recognise any of those sessions, kill them. The same page also lets you log off from a different browser remotely: if you forgot to log off from your computer at work, you can do just that from your home computer.
3. Protect your Phone
This is critical, not just for Facebook. Your phone stores a huge amount of information; someone who gains access to your phone has access to just about half your life. Treat it with as much care as you would (say) your passport. A very easy way of doing this is to use an unlock code on the phone. This is the single most ignored piece of security advice; most people do not have access codes because it’s a nuisance to enter a PIN every time you want to use your device. I assure you the cost of typing in 4 digits is worth it. And please don’t make your unlock code 0000, 0123, 1234, or your birthdate.
4. Use a secure password
Meaning do not use your name, your Significant Other’s name, your birthdates, your address, your first pet’s name, your children’s names, or any combination thereof.
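To make points 3 and 4 concrete, here is an added example (not code from the original post) of how a password or unlock-code check can reject choices built from personal details or from the weak PINs listed above. The profile values are constructed, the 12-character minimum and the leetspeak substitutions are my own assumptions, and the function names are hypothetical.

```python
import re
from datetime import date

# Constructed sample of the details an attacker could learn from a public
# profile; a real check would take these from the user's own account data.
PERSONAL_INFO = {
    "name": "Alice Smith",
    "partner": "Bob",
    "pet": "Rex",
    "children": ["Charlie"],
    "address": "12 Baker Street",
    "birthdate": date(1990, 7, 4),
}

# Unlock codes the post names as bad choices, plus a few other well-known ones.
WEAK_PINS = {"0000", "0123", "1234", "1111", "2580", "4321", "1212"}

MIN_PASSWORD_LENGTH = 12  # assumed threshold; the post gives no number


def personal_tokens(info):
    """Break personal details into lowercase fragments of 3+ characters and the
    usual renderings of the birthdate (yyyy, ddmm, mmdd, ddmmyyyy, ...)."""
    tokens = set()
    for value in info.values():
        for v in value if isinstance(value, list) else [value]:
            if isinstance(v, date):
                d, m, y = f"{v.day:02d}", f"{v.month:02d}", str(v.year)
                tokens.update({y, d + m, m + d, d + m + y, m + d + y,
                               y + m + d, d + m + y[2:], f"{v.day}{v.month}{y}"})
            else:
                for word in re.split(r"\W+", str(v)):
                    if len(word) >= 3:
                        tokens.add(word.lower())
    return tokens


def leetspeak_normalise(s):
    """Undo common substitutions (@->a, 3->e, 1/!->i, 0->o, $/5->s) so that
    'R3x' is still recognised as 'rex'."""
    table = str.maketrans({"@": "a", "3": "e", "1": "i", "!": "i",
                           "0": "o", "$": "s", "5": "s"})
    return s.lower().translate(table)


def password_problems(password, info):
    """Return the reasons a password violates rule 4; an empty list means it passes."""
    problems = []
    if len(password) < MIN_PASSWORD_LENGTH:
        problems.append(f"shorter than {MIN_PASSWORD_LENGTH} characters")
    # Match tokens against both the raw and the de-leetspeaked form, because
    # normalising digits would otherwise hide a birth year like 1990.
    haystacks = (password.lower(), leetspeak_normalise(password))
    hits = sorted(t for t in personal_tokens(info) if any(t in h for h in haystacks))
    if hits:
        problems.append("contains personal information: " + ", ".join(hits))
    if re.fullmatch(r"[A-Za-z]+\d{0,4}", password):
        problems.append("a single word followed by at most four digits")
    return problems


def pin_problems(pin, info):
    """Return the reasons an unlock code violates rule 3; empty means it passes."""
    problems = []
    if not re.fullmatch(r"\d{4,}", pin):
        problems.append("not a code of at least four digits")
        return problems
    if pin in WEAK_PINS:
        problems.append("on the well-known weak list")
    if len(set(pin)) == 1:
        problems.append("all one digit")
    digits = [int(c) for c in pin]
    steps = [b - a for a, b in zip(digits, digits[1:])]
    if all(s == 1 for s in steps) or all(s == -1 for s in steps):
        problems.append("an ascending or descending sequence")
    if pin in personal_tokens(info):
        problems.append("derived from your birthdate")
    return problems


if __name__ == "__main__":
    for pw in ("Rex2014", "Al1ceSm1th1990!", "correct-horse-battery-staple"):
        print(pw, "->", password_problems(pw, PERSONAL_INFO) or "ok")
    for pin in ("1234", "0000", "1990", "8275"):
        print(pin, "->", pin_problems(pin, PERSONAL_INFO) or "ok")
```

The check is deliberately a blacklist of the things the post names; it says nothing about whether a password that passes is actually strong, so pair it with a length and dictionary check rather than treating an empty result as approval.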
5. NEVER reveal your password
This should be obvious. Nobody from Facebook will ever ask for your password. Never ever type your Facebook password anywhere besides Facebook’s apps or login page.
6. Look behind you
The most obvious way people get your password is by looking over your shoulder. Srsly, watch your back.
7. Don’t save your password on the Browser.
They are reversible. Anyone with very little knowledge and access to your computer can recover your saved passwords.
8. Don’t share your passwords between different accounts or websites.
If one server or one service is compromised (as it always is) and someone gains access to your password on one service (say LinkedIn), they can link your accounts together and try the password from that account on any of your other accounts.
9. Change your passwords regularly.
People don’t do this for the fear of not remembering their password. Not a great reason. When’s the last time you changed your Facebook password?