On September 28th, Facebook announced that 50 million accounts were hacked due to a security loophole. It is high time to review your Facebook account security practices if you haven’t already done so.
Yes, security can be a bit time-consuming and not terribly exciting. However, spending just a few minutes implementing the handful of tips below will go a long way toward keeping you much safer and more secure. Here are a few tips I suggest everyone implement right now:
1. External logins using Facebook or Google: These are convenient, but they’re also a security risk. The concern here is the same as using a single username and password for multiple accounts: If one account is compromised, then all accounts are compromised. Consider no longer using Facebook or Google to create new accounts or to log in to existing ones.
2. Two-factor authentication: Facebook (and many other services) has a 2FA option available. Consider activating it. Two-factor authentication sends a confirmation code to your mobile device which must be entered before you can log in. This is a great option, especially if you think somebody has gotten hold of your password.
3. Strong and unique passwords: We see this advice all the time. Are you on board? If you have a weaker password, change to something strong. “Strong” means a random string of upper and lower case and special characters at least 10 characters long. How strong is this? At 10 characters, it would take a brute-force attack an estimated 4 million years to crack your password, at a guess rate of half a million passwords per second!
4. Password Managers: Forget your new password. Really. Instead, install a free password manager that will automatically remember every single password you have, generate strong passwords on demand, and automatically fill in the correct password on whatever sites you need to log in to. The tool I use is LastPass; it works across multiple devices, and even offline. I’ll write a dedicated article on LastPass soon.
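To make the tips on strong passwords and on-demand password generation concrete, here is an added example (not from the original article and not LastPass's own code) that generates a random password the way a password manager would and estimates how long an exhaustive search takes at the quoted guess rate. The 94-symbol alphabet and the function names are assumptions made for this sketch.

```python
import math
import secrets
import string

# Assumed alphabet: upper case, lower case, digits and punctuation (94 symbols).
ALPHABET = string.ascii_letters + string.digits + string.punctuation
GUESSES_PER_SECOND = 500_000  # the guess rate quoted in the article
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def generate_password(length=10):
    """Return a random password with upper case, lower case and special characters."""
    if length < 3:
        raise ValueError("length too short to include every required class")
    while True:
        # secrets draws from the OS CSPRNG; the random module is predictable
        # and must not be used for passwords.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Retry until every required class is present. This trims the keyspace
        # slightly; the estimate below ignores that.
        if (any(c in string.ascii_uppercase for c in candidate)
                and any(c in string.ascii_lowercase for c in candidate)
                and any(c in string.punctuation for c in candidate)):
            return candidate


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random password of this length, in bits."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(length, alphabet_size=len(ALPHABET), rate=GUESSES_PER_SECOND):
    """Years needed to try every password of this length at the given rate."""
    return alphabet_size ** length / rate / SECONDS_PER_YEAR


if __name__ == "__main__":
    print("sample password:", generate_password(10))
    for n in (8, 10, 12):
        print(f"{n} chars: {entropy_bits(n):.1f} bits, "
              f"{years_to_exhaust(n):,.0f} years to try every combination")
```

The figure is the time to try every combination; on average a search succeeds in about half that time, and it only holds for passwords that are truly random and not reused elsewhere.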
This article sheds more light on this latest breach. If you have any questions or comments, please comment below. Thanks!