Facebook is the social network site known by basically everybody with an internet connection. The number of profiles listed on this page gives you a good impression of how big Facebook really is. At the end of Q4 2014, the social media site had approximately 1.35 billion users. That’s a whole lotta people!
Many people seem to forget that it’s a portal between your personal life (pictures, ideas and so on) and the whole wide world. Some time ago a friend of mine told me her Facebook page got hacked and she felt she was obligated to deactivate her account. I felt it could come in handy to write something about how you can secure your Facebook page by implementing some privacy measures, a more secure authentication method and some best practices.
Before going into the more advanced details, here are some recommendations that are the basics of securing any application:
- Make sure you are logging on from a computer with an antivirus product installed.
- Don’t use easy passwords (such as the name of your pet or anything else people can easily guess). Change some of the characters in the password to make it more difficult (replace ‘O’ with ‘0’, ‘S’ with ‘$’, ‘A’ with ‘@’ and so on).
- Don’t use the same password and e-mail on all websites. If a hacker is able to compromise a user database, it would be very easy to check whether the same user account and password are used for any other applications. An example: ‘Alleged Dropbox hack underlines danger of reusing passwords’.
- Don’t fill in your password on any website that should not request your password. If a website needs some information from your Facebook page, it will forward you over a secure link to Facebook, where you can trust the application (for example: StumbleUpon or Runkeeper). If you are wondering which applications are able to access your Facebook data, navigate to “Settings > Apps”.
- If you are logging on from a public computer or from a computer at a friend’s place, don’t forget to log out of your account. If you want to check which browsers and devices you are logged in on, navigate to “Settings > Security > Where You’re Logged In”. This page allows you to remotely end a session which should not be open.
- Think before you click!
Putting the appropriate privacy rules in place
I don’t like people running through my Facebook page without having a ‘relation’ with them. First of all, I recommend changing the privacy settings so that people who are not your friends on Facebook cannot see your stuff.
- By altering “Who can see your future posts?” to “Friends” only, you limit the visibility of all future status updates to your friends.
- I do recommend running the tool “Limit the Audience for old posts…”. This will forcibly change the privacy settings on every status update so that it can only be read by your friends. Please note this operation is irreversible!
By changing the two options above, you open your Facebook profile only to your friends. If an additional person is tagged, in a picture for example, they will be able to read everything.
Additionally, I recommend activating “Review posts that friends tag you …” in the section “Timeline and Tagging”. This option will notify you when you are tagged in a photo and request your approval.
You can limit the number of people who can see everything by changing the settings “who can see posts you’ve been tagged in on your timeline” and “who can see what others post on your timeline”.
Define a more secure authentication process
I only access my Facebook profile on a limited set of systems which I trust. To secure your profile, you can require a one-time password during the login process. To activate this extra security measure, enable “Login Approvals” in combination with “Code Generator”.
Additionally, I adapted the notifications to only include “Account-Related information” and activated the “Login Notifications” to be sent out when someone is trying to access my account.
Please note that when you are using applications such as Spotify, you may be required to create some “Application Passwords” to allow them to continue to work.
Hope this helps!