Many people store a lot of private information on Facebook (what they are doing, pictures, list of friends). Facebook lives from your readiness to share. The more you share there, the better. The more is accessible to all, the better. This also means that even though there are quite a few of security and privacy settings in Facebook, most of them are not enabled by default. This means your account is mostly open and can be closed as needed rather than having a secure private account, and have you knowingly make some parts of your life public.
Since it also looks like half of the parents join Facebook to check on what their children write or where they get tagged, Facebook is officially the largest social spying network.
If despite of this all you want to use Facebook but in a private and secure way you need to consider exactly these two aspects. Privacy and security.
Making your account secure is about making sure that unauthorised persons will not take the control of your account or get unlimited access to information.
The first step is to have a secure password protecting your account:
- A secure password should be unique i.e. not used on Twitter, Google, Amazon… in addition to Facebook. Once any one of these accounts are hacked, the hacker has access to your data everywhere.
- Change the password on a regular basis. You might unknowingly give hints about your password to someone. With enough hints, it might be possible to figure out your password. But if you completely change it every 3 to 6 months, it stays secure. Changing it on a regular basis doesn’t mean moving from “Winter2012” to “Spring2013” to “Summer2013”. It also doesn’t mean changing from “qwertzuio” to “asdfghjk” to “yxcvbnm,” or from “A6Hjfh1$” to “A6Hjfh1%” to “A6Hjfh1&”. If there is an obvious pattern, then you changing the password has almost no effect.
- Never tell anyone your password. It’s not that there are not people you can trust. But let’s say you can trust yourself to 100% and very close friends or relatives to 90%. They in turn also trust someone to 90%. This person as well… In the end, sensitive information land in the hands of someone you do not know at all and shouldn’t trust either.
- If you cannot remember your password, the chances that someone else will figure it out are very low. So using a password tool is a good idea. Of course it means having a master password and if this one is nor secure and someone gets access to the tool… But as you see it then means that someone also needs to have access to your computer and not just the internet. Also the master password itself should be secure enough.
- Don’t save it in browsers. Only save it as suggested above in a place also protected by a master password. Otherwise, it means that anybody with access to your computer has unrestricted access to all accounts including Facebook.
- Do not write the password down. If you cannot remember it, use a password vault or tool. More people than you think can manage to look at the back of your keyboard.
- Remember that email, sms or any other communication media are not always safe. So do not send your password to anybody as the message might be intercepted.
Use also the following rules to generate a secure password:
- A longer password is more difficult to hack. Use at least 8 characters
- Use small letters, capital letters, digits, special characters. Of course pay attention, that special characters used are available on all keyboard layouts you use.
- Avoid having the password contain parts of your name or email address.
- Avoid personal information about you or your family. How many people know the name of your first dog, the maiden name of you wife or the birth date of your children ?
- Avoid simple sequences of characters like 123 or abc or qwerty…
- Replacing a letter with a similar shape (e.g. an @ to replace an “a”, a zero to replace an “o” or an exclamation mark for an “i”) is a well known way to get special characters and digits in a password. But everybody trying to hack your password also know that, so it might actually not be such a bright idea !
- Do not use words from the dictionary, no matter which language (someone trying to find out your password will for sure manage to find out which other language you might be using).
- Reversing words is not the answer. Someone trying to find your password will not only check apple, @ppel, appe! and @ppe! but will also reverse the word e.g. elppa.
- Doubling words make the password longer but not more secure.
This was about security. In the next post, we’ll focus on the privacy settings available in Facebook.