Mohammad Tauheed shared this valuable advice and was nice enough to let us share it with you. Pass it on so that our online communities are collectively safer.
In the wake of an epidemic of hacked Facebook accounts, here is an overview of what makes your personal accounts vulnerable, how to secure them, and how to practise good cyber hygiene in general.
Your social media is linked to your other accounts
Most often it is not your Facebook account itself that gets hacked, and it is rarely as simple as a stranger guessing your Facebook password. Usually it is your email or your phone that gets ‘hacked’. When someone with malicious intent wants to reset your password, the recovery options are tied to your name, your username and your most commonly known email address. The password reset link is then sent to that email, or the two-factor authentication code is sent by SMS. So your password is compromised as soon as your email or your phone is hacked or is easily accessible to others.
You are careless with sensitive information
Oftentimes these hackings are done by people who have some contact with you: people who know some information about you, such as your email address, phone number, date of birth or other verifiable details.
We also tend to hand out sensitive documents, such as copies of our NID or passport, which contain exactly this kind of verifiable information.
These are the weak links in your personal cyber hygiene. Here are some effective ways to prevent your Facebook account from being hacked:
1. Change your passwords
Change every password to a long one that you do not reuse anywhere else. Install Authy or Google Authenticator (you will need one of them for step 2). Ideally, use a password manager app; I recommend Dashlane.
2. Use 2 Factor Authentication
Go to Facebook settings > Security and Login: immediately turn on Two-factor Authentication if you don’t have it already. Use the Authy/Authenticator app to generate codes. Avoid codes by SMS if there is an option: an SMS code goes to your phone number, which is exactly what an attacker who has taken over your phone receives.
3. Use Facebook only for Facebook
Go to Facebook settings > Apps and Websites. Ideally, remove everything here, or keep only the apps, services and games that you must keep. Give up the habit of “Log in with Facebook”; use your email address to open new accounts on other websites and services.
4. Do not stay logged in on any device
Do not leave your computer or phone unlocked, EVER; not at home, not at work. Religiously lock your computer before you leave your desk (on Windows it’s Windows+L; on a Mac it’s ⌘+Control+Q), even if it is only for a few seconds.
On your work machine, insist on a personal account on the computer and do not share its password with anyone; your office’s IT team can have their own admin account on the computer for maintenance, but they never need your personal account’s password. If your employer disagrees about it, quit the job.
5. Do not login from random devices
Do not log in to your account from random computers or phones, not even your friends’ or your office computers. If you must, use an incognito/private window and log out when you are done; a private window only stops the browser from saving your session and history, it does nothing against malware or a keylogger already on that device.
Before typing your ID and password, check the address bar of your browser: it must show the lock icon (older browsers colour it green) and the address must begin with exactly https://www.facebook.com/ and nothing else in the middle or at the end of that part. The hostname is the text between https:// and the next slash; a lookalike such as www.facebook.com.login-verify.example or www.faceb00k.com is a phishing website, however convincing the page behind it looks.
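The address-bar check above, written out as an added example (not Facebook's code) so that the usual phishing tricks are visible: the wrong scheme, an extra label glued onto the real name, the user@host trick, lookalike characters and non-ASCII homoglyphs. The expected hostname is taken from the text; the sample addresses are constructed.

```python
from urllib.parse import urlsplit

# Added example: the manual address-bar check as code. Only the hostname
# (between "https://" and the next "/") matters; the path and query may vary.
EXPECTED_HOST = "www.facebook.com"


def check_login_url(url: str, expected_host: str = EXPECTED_HOST):
    """Return (ok, reason); ok is True only when it is safe to type a password."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname   # lower-cased, with user@ and :port stripped off
        port = parts.port
    except ValueError as exc:   # e.g. a malformed IPv6 literal
        return False, f"malformed address: {exc}"
    if parts.scheme != "https":
        return False, f"scheme is '{parts.scheme or '(none)'}', not https"
    if not host:
        return False, "no hostname in the address"
    if parts.username is not None or parts.password is not None:
        return False, f"'user@' trick: the real host is '{host}'"
    if not host.isascii():
        return False, f"hostname '{host}' contains non-ASCII (lookalike) characters"
    if host != expected_host:
        if host.endswith("." + expected_host) or host.startswith(expected_host + "."):
            return False, f"'{host}' is not {expected_host}: an extra label was added"
        return False, f"'{host}' is not {expected_host}"
    if port not in (None, 443):
        return False, f"unexpected port {port}"
    return True, f"hostname is {expected_host} over https"


if __name__ == "__main__":
    # Constructed sample addresses
    for sample in [
        "https://www.facebook.com/login.php?next=%2Fsettings",
        "http://www.facebook.com/",
        "https://www.facebook.com.login-verify.example/",
        "https://www.facebook.com@evil.example/",
        "https://www.faceb00k.com/",
    ]:
        print(check_login_url(sample))
```

The check is deliberately strict: it accepts only www.facebook.com, as the text says, so a legitimate alias such as m.facebook.com would be rejected too; widen `expected_host` if you need that, but never relax the scheme, the `user@` or the extra-label tests.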
6. Dedicate a fresh email address solely for Facebook
- Create a fresh email address dedicated to Facebook. Use protonmail.com to make the new address. Ideally, do not share this email address with anyone and do not use it for anything else.
- Go to Facebook settings > General > Contact. Add your new Protonmail address as the primary email. Then remove every other email address from your account.
- Check where you are logged in, remove any unknown, or unnecessary device from the list.
- On Protonmail go to Settings > Security: turn on Two Factor Authentication; as always, use Authy/Authenticator and avoid SMS.
- Now go to Settings > Keys: click the dropdown arrow next to your email address, click Actions > Export, and select “Public Key.” It will download an .asc file. Open the .asc file with Notepad (or TextEdit on Mac), select all, and copy everything from the file. Make sure you exported the public key and not the private one: the text you copy must begin with -----BEGIN PGP PUBLIC KEY BLOCK-----.
- Go to Facebook settings > Security and Login and scroll down to Encrypted notification emails.
- Paste the text there, tick the box for “Use this public key to encrypt notification emails that Facebook sends you?”, and save.
- It may send a test email to your Protonmail address to check that the key works. This email might land in your Protonmail spam folder. Open it and click “Yes, encrypt notification emails sent to me from Facebook.” to confirm. Your Facebook setting for Encrypted notification emails should now show “On”.
- Memorize your Protonmail login password, or save it in Dashlane. Now go to Protonmail Settings > Account and disable the “Allow password reset” option. Remember that this means that if you forget your Protonmail password it is not recoverable; you are screwed. But this is the final layer of security: with no reset path, there is no recovery email or phone number left for an attacker to take over.
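A sanity check worth running on the text before pasting it into Facebook, as an added example that is neither Proton's nor Facebook's code: it verifies that the block is an ASCII-armored public key (OpenPGP packet tag 6, RFC 4880) rather than a private key (tag 5), that the END line survived the copy, and that the CRC24 checksum on the "=" line matches the body. The two sample blocks at the bottom are constructed from dummy packets, not real keys.

```python
import base64

# Added example: validate an armored OpenPGP block before pasting it.
# Constants from RFC 4880 section 6.1 (CRC24 used in ASCII armor).
CRC24_INIT = 0xB704CE
CRC24_POLY = 0x1864CFB


def crc24(data: bytes) -> int:
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def packet_tag(first_byte: int) -> int:
    """Tag of the first OpenPGP packet, for old- and new-format headers."""
    if not first_byte & 0x80:
        raise ValueError("not an OpenPGP packet header")
    if first_byte & 0x40:             # new format: tag in the low 6 bits
        return first_byte & 0x3F
    return (first_byte >> 2) & 0x0F   # old format: tag in bits 2..5


def check_public_key_armor(text: str):
    """Return (ok, reason) for text copied out of an exported .asc file."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not lines or lines[0] != "-----BEGIN PGP PUBLIC KEY BLOCK-----":
        return False, "not a PUBLIC KEY BLOCK; did you export the private key by mistake?"
    if lines[-1] != "-----END PGP PUBLIC KEY BLOCK-----":
        return False, "END line missing: the block was truncated when copied"
    b64, crc_line = [], None
    for line in lines[1:-1]:
        if not line or ": " in line:  # blank separator or armor header (Version:, Comment:)
            continue
        if line.startswith("="):      # the "=XXXX" CRC24 line
            crc_line = line[1:]
        else:
            b64.append(line)
    try:
        data = base64.b64decode("".join(b64), validate=True)
        expected_crc = None if crc_line is None else int.from_bytes(base64.b64decode(crc_line), "big")
    except ValueError:
        return False, "body is not valid base64: stray characters were pasted"
    if not data:
        return False, "empty body"
    if expected_crc is not None and expected_crc != crc24(data):
        return False, "CRC24 mismatch: the pasted text is corrupted"
    try:
        tag = packet_tag(data[0])
    except ValueError as exc:
        return False, str(exc)
    if tag == 6:
        return True, "OK: first packet is a public-key packet (tag 6)"
    if tag == 5:
        return False, "first packet is a SECRET-key packet (tag 5): never paste this anywhere"
    return False, f"first packet has tag {tag}, not a public key"


def armor(packets: bytes, kind: str) -> str:
    """Build an armored block; used here only to construct the samples below."""
    body = base64.b64encode(packets).decode()
    crc = base64.b64encode(crc24(packets).to_bytes(3, "big")).decode()
    return "\n".join([f"-----BEGIN PGP {kind}-----", "",
                      *(body[i:i + 64] for i in range(0, len(body), 64)),
                      f"={crc}", f"-----END PGP {kind}-----", ""])


# Constructed dummy packets (not usable keys): a 9-byte body (v4, creation
# time, RSA, one tiny MPI) behind an old-format header with a 2-byte length.
_BODY = b"\x04" + b"\x00\x00\x00\x00" + b"\x01" + b"\x00\x08\xab"
PUBLIC_PACKET = bytes([0x99]) + len(_BODY).to_bytes(2, "big") + _BODY  # 0x99 = tag 6
SECRET_PACKET = bytes([0x95]) + len(_BODY).to_bytes(2, "big") + _BODY  # 0x95 = tag 5
SAMPLE_PUBLIC = armor(PUBLIC_PACKET, "PUBLIC KEY BLOCK")
SAMPLE_SECRET = armor(SECRET_PACKET, "PRIVATE KEY BLOCK")

if __name__ == "__main__":
    print(check_public_key_armor(SAMPLE_PUBLIC))
    print(check_public_key_armor(SAMPLE_SECRET))
```

The check only parses the first packet header and the armor checksum; it does not validate the key material itself, so it catches copy-paste mistakes and the private-key mix-up, not a weak or expired key.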