Why would you secure your Facebook account beyond its default settings?
With so many social networking services available nowadays, we sometimes overlook the importance of authenticating securely into our accounts. It is tremendously important to secure your Facebook account before the bad guys make it their next target. Don’t rely on “what could they find that’s so important on my account?” or “it won’t happen to me”. People use Facebook nowadays for more than they think. A big chunk of your social and private life is part of that account, and you probably wouldn’t want someone else to gain access to it. The public aspect of your account is indeed available for the world to see, but what about stuff you don’t want the entire internet to know – like your private messages?
What makes your Facebook account such a good target for hackers?
Gaining access to someone’s Facebook account, especially if they use it intensely as part of their social life, could prove quite disastrous. Imagine waking up someday to your account being hijacked by some random dude who now has access to your private data (your e-mail, phone number, messages, friend list and groups, everything you’ve ever posted) and can post anything in your name. Not a pretty picture, is it? The fact that they can do so much harm by taking over someone else’s account is what makes a hacker consider it a good target.
Are the default settings enough to secure your account?
In one word? No. Why? Long story. See, by default, you’re only prompted to have a password and an e-mail address linked to your device. Some people also link their phone number, but not always. And isn’t this enough? No, it is almost never enough to keep the account safe. These options, although useful, can’t failproof your account because they’re susceptible to phishing attacks.
But how does one get access to my account? Isn’t Facebook like… very secure?
Indeed, Facebook is very secure – if used properly. Most of the cases where an account has been compromised were due to a specific type of malware called a “keylogger”, which, once installed on your computer, captures every key you press on your keyboard and sends what you type to an attacker. In this case, since they get your password as you type it, they can log in as you.
Wait, so they don’t crack my password? No. That is a pretty big misconception. You can’t crack a good Facebook password (one that includes uppercase letters, lowercase letters, numbers, and symbols) that easily. The passwords are not stored on Facebook’s servers in plain text. Most of the time they are encrypted with encryption algorithms that are very hard to impossible to break with today’s tech. What hackers do is either guess the password (because you made it very obvious or too short and easy to guess), or simply use the aforementioned keylogger to grab it when you type it.
But how can you secure your Facebook account beyond its default settings?
Your Facebook account is as secure as you make it. You can secure your Facebook account quite easily, but it won’t secure itself for you. Facebook is one of the best websites in terms of security options. It is just that not many people use the security tab to its fullest. Facebook supports 2FA (Two Factor Authentication), which means that, even if an attacker has your password, they still can’t get access to your account unless they grab a security code that Facebook either sends you over SMS or that you generate via the Google Authenticator application. Google Authenticator is free and available for both iOS and Android. In this case, to hack you, they’d need access to both your credentials and your phone or SIM card (which is not impossible, but it is certainly way harder).
But how can you secure your Facebook by activating 2FA?
Activating 2FA is actually very simple. Follow the steps below and you’ll be done in no time!
- Open The Security Tab on your Facebook account, available here.
- On the “Setting Up Extra Security” section, you will see “Use two-factor authentication” set to “off”.
- Click the “Edit” button right next to it and enable it.
- Choose an authentication method you’d like to add and follow the on-screen instructions. I recommend starting with the phone number (“Text Message (SMS)”) option. It will enable you to receive a code on your phone every time you log in from an unknown PC. This should be the first line of defense in case of a keylogger attack.
- Now you should download the Google Authenticator app for iOS here or for Android here.
- Let’s now configure the security codes through Google Authenticator. First, look for the “Code Generator” section under 2FA. Press enable and select “Set up a third party app to generate codes”.
- A new window will show up with a QR code (a square with black dots). You will have to scan it. To do this, open Google Authenticator and tap the big + button to add an account. The camera app will show up. Make sure you’re pointing the camera at the computer screen and have the entire square with black dots in focus. Once it is scanned, a 6-digit code will be generated every few seconds while you are in the app. Take the code and enter it in the text field on the computer to finish adding Google Authenticator.
- Now press “Confirm”. If everything went well, you should now be able to generate a code to access your profile – useful if you don’t have cell network coverage to receive Facebook’s message with the code. The code generated by Google Authenticator is valid for only 5 minutes.
Ok, so with all these in place, and with a good password containing upper and lowercase characters, numbers and at least 2 symbols (@#%^&*$!?~), you should be more than set. Make sure, though, that your e-mail account is also secure. If you’re using Gmail or Yahoo, they both support similar 2FA options!
But what if I want even beefier security?
Wait, so you want more?! Ok then. There is one more thing you can do that, although it requires a small investment, will definitely failproof your account if combined with the aforementioned measures. That is the security key. A security key is a USB device with a small golden conductive surface that you have to physically insert in the USB port and press to be able to log in. You can add this as a security method and it is pretty much undefeatable because the chip inside the device is unique and it generates unique keys when you tap its conductive area. Such security keys are impossible to clone; an attacker would need to have physical access to the key, and there is no way around it once enabled.
But what if I forgot the USB key at home?
Sometimes, you can secure your Facebook account a bit too much, to the point where even you get locked out of it. This is not the case here. These keys are pretty small and most of them have a hole so that you can add them to your keychain, but if you happen to forget yours at home or lose it, you can still log in using your phone. Just make sure you don’t add only the USB key as a security measure (although I think you can’t add only the key; Facebook requires at least the phone number to be enabled).
Ok, where do you get a security key to secure your Facebook account?
Ok, first, this is NOT a sponsored post. I am not paid to promote this key; it is just that I’ve been using them for years and they have prevented many hacking attempts on my accounts.
These keys can be used on many accounts, such as Facebook, Yahoo, Gmail, GitHub, Dropbox and many other products, not only Facebook. Pretty much anything that supports authentication with FIDO U2F keys can be configured to accept your key, and there is no limit on the number of accounts you can use it for.
Yubico produces the best U2F USB Security Keys. They have multiple versions available, some for USB 2.0/3.0, some for USB-C and some even with NFC so that you can use them on a phone. The cheapest one is the FIDO U2F key, a small, flat blue USB key that would do for pretty much anybody who wants to add this layer of security. It costs $18 at the time of writing this article, a small investment for what it can do.
Wanna secure your Facebook account even beefier? Ok then.
If you wanna go even beefier with this whole security key approach, you can get the YubiKey 4, which can be programmed, supports multiple authentication methods and can even be used as a smartcard for macOS or Windows authentication. This one is aimed more at tech-savvy users. The overall protection is the same as with the cheaper FIDO U2F key, but the FIDO one can’t be used as a smartcard, nor can it be programmed (which, if you’re just looking for a security key for daily use, isn’t even required). There is also the YubiKey NEO, which is pretty much a security key with built-in NFC. This means that you can use it with an Android phone or tablet. Again, a bit too much if you just want a security key.
But how do I add it to my Facebook account once I got one?
- Under the same “Use two-factor authentication” tab, select and enable “Security Keys”.
- Press “Add key”. A new window will pop up with the icon of a blue security key and will say “If you have a USB security key, you can use it to protect your Facebook account.”
- Press “Add key” again. The window will change to an image showing you how to plug the key into the USB port and then tap the gold circle on it. Once you have done that, the “Continue” button will be enabled so you can press it, but first, you will be asked to confirm your password.
- Then you will be prompted to give the key a name. By default it is the name of the key, in my case “YubiKey 4”. You can click “Continue”.
- Now you should see something like this.
Conclusion on how to secure your Facebook account
You can secure your Facebook account quite easily with a few very well documented steps, but if you don’t take the time to do it, it won’t do itself for you and you remain vulnerable even though Facebook has the potential of making your account impenetrable. A simple activation of a few 2FA options can help you secure your Facebook account in no time and keep the bad guys out. Take the time and secure your accounts today. Don’t be a victim of some dude with no life other than the one he spends in his mom’s basement!