If One Direction was big the last time you changed your Facebook password, then for heaven’s sake, change it now. While you’re at it, I strongly recommend turning on 2-factor authentication.
We’ve become numb to headlines like this: “Facebook Security Breach Exposes Accounts of 50 Million Users” – NY Times 9-28-2018. 500 million guest accounts at Starwood were hacked. Research at Google reports that if your account data was breached, then you are 10 times more likely to be a victim of hijacking. If you’ve been phished, 500 times more likely.
RedBlueTalk is supposed to be about how politics and government impact everyday life, so what does Facebook passwords have to do with that? A lot. You see, it seems like the US Government is either unwilling or unable to do what needs to be done when it comes to the largest technology companies. Congress holds flashy hearings, but very little happens in the way of fines, regulations or anti-trust activity. “Well Senator…” we heard Mr. Zuckerberg drone on last April, but what really changed? Nothing.
It’s way beyond Facebook. There has been an endless stream of large companies that confessed to data breaches including massive streams of customer data. Macys, Adidas, Sears, Kmart, Delta Airlines and on and on have had names, addresses and credit card information stolen.
Facebook is like catnip for hackers. They absolutely love it. Facebook makes its system widely available to developers through a public API, or Application Programming Interface. This makes it possible for third party developers to write programs that work with Facebook. This way of working has unlocked tons of great apps, like TinFoil for Facebook, which allows you to enhance privacy, or PiZap which lets you edit photos right on Facebook without an external editor. Unfortunately, it also allows developers like Cambridge Analytica. That’s the now famous political firm that was hired by the Trump 2016 election campaign. It gained access to private information for more than 50 million Facebook users. Congress hauled Mark Zuckerberg in to talk about it. Zuck shrugged.
Passwords are not enough anymore.
They can be stolen, guess or phished, fairly easily. Phishing is where you provide your password to a hacker, thinking you are typing it into a legit site. Everyday Internet users like us need to take a queue from the big companies. When you work for a giant firm, you are required to use a “token” or some extra piece of information in addition to a password before you get access to corporate resources.
Google, Facebook and Twitter all allow users to enable 2-factor authentication. You should use it. It requires that you enter a one time password in addition to your regular dusty old password. It creates reduces the chance that a stolen password will work at all. That is why I’ve created this video to show you how it works with Facebook.
My daugher asked, “But will I need to enter the one-time password everytime I use Facebook? That would be horrible.” She is correct, that would be inconvenient, and the answer is no. The way Facebook works, you only enter your credentials (username/password/2nd factor) when you are trying to access Facebook from a device that is not known to Facebook. I’ll bet you look at Facebook on your phone several times per day. C’mon admit it, most of us do. You never get prompted for your password, right? That’s because the Facebook session on your phone is persistent, meaning it remains active even if you use other apps or close the Facebook app. I find even if I log out of Facebook, I’m not prompted for a password when I launch the app, as long as I’m on the same Android phone. However, if I try to connect to Facebook from some other device, another phone or PC, then I am prompted for credentials, and that’s the only time you’ll need to fetch a new one-time password from a text message.
Your password is going to be hacked if it hasn’t been already, so be ready.
1/ Don’t count on the government cracking down on the companies that lose your personal data en masse. The evidence is everywhere that the government could help, but won’t because of its love affair with billionaire technology pioneers.
2/ Change your password and make it unique for every service, especially the big targets: Facebook, Amazon, Google, Apple, LinkedIn, Pinterest, Twitter, etc.
3/ Protect your privacy like the big dogs, and turn on 2-factor authentication everywhere possible. If someone gets your password, they would also need your mobile phone to log in as you, anyplace. That’s makes it much harder, and also let’s you know immediately that somebody’s trying to use your password.
4/ As I mention in the video, give yourself an escape hatch, in case you lose your phone. When you enable 2-factor authentication, also print out backup codes and keep them handy, so you don’t get locked out of Facebook, if you don’t have your phone.