Friday, April 22, 2011

Some Things to make FB more secure

It's seems like every other day I hear about a friend whose had some robot log into his/her facebook account and start spamming everybody, so I thought I'd mention some of the basic things people can do to lower the risk of having their accounts hacked.

Password Strength: Now, if my close friends and family members are any indication, most people use very basic passwords that often consist of one word. I've never considered hacking into anyone's Facebook account, but if I did, one of the first things I'd try would be to write some sort of script that iterates through words in the dictionary. Facebook probably keeps you from guessing passwords after so many tries, but a persistent soul will succeed. You can easily circumvent efforts like that by having a really long and complex password. It can consist of (multiple) words, but throw in a few capital letters and a special symbol like !, _, or some such.

Watch Your Address Bar: If you see a facebook login at the URL www.hackyourfb.com or whatever, it's probably a bad sign. Make sure you're logging into Facebook.com each time you login. Most browsers can read security certificate from companies like Verisign, DigiCert, GoDaddy, and others. So look for that if your login attempt fails. But the main thing is to make sure you're logging into Facebook.

See's who has been logging in: If you click Account, Account Settings, then Account Security, you can see where your logins come from. This isn't 100% reliable as it's related to your IP address (which, depending on your ISP could be, anywhere), but it's one of the best places to look if your account has been compromised.

Check your apps: I imagine there's a good chance much of this spam originates from installed apps. Facebook doesn't really regulate who makes apps (outside of what gets in the directory). http://www.facebook.com/editapps.php will allow to remove spammy or suspicious apps. If you're having problems like of this nature, there would be a good place to look.

Firewall: This really more for your PC, in general, but be firewalled. Head on over to Grc.com, run their shields up test, and see if you have any open ports. Ideally, they'll all read stealth. Most firewalls inside of routers can accomplish this.

No comments:

Post a Comment