Using Advanced Settings - HackerUp on Facebook Security (2016)

Using Advanced Settings

Facebook takes a number of steps behind the scenes to keep the site secure. It also provides tools that users can take advantage of to protect their accounts and to test their security and privacy settings. Those tools include one-time passwords, single sign-on, the ability to monitor account activities, login approvals, the ability to remotely end account activity, and social authentication.

Your browser and apps

Facebook keeps a record of the devices you use to access your account and it recognizes devices you've used before. You can check the list of devices and apps that have been used to log into your account. Facebook sees these devices and apps as “authorized” so it won’t notify you if they’re used to log into your account. If you’ve used Facebook on a public computer, a friend’s device, or a device you no longer own (like a cell phone you passed on to a friend when you upgraded), you’ll want to remove those devices from the list. How you do that varies just slightly depending on whether you’re using a computer or a mobile device to access Facebook.

From a computer:

• Click the down-pointing triangle at the far right of the Facebook menu bar.

• Click SETTINGS on the drop-down menu.

• Select SECURITY in the left pane.

• Click on YOUR BROWSER AND APPS in the right pane. Facebook will display a list of the browsers and apps that it thinks you’re currently using to access Facebook.

• Click REMOVE for any browser or device you’re no longer using.

You can also customize your login settings so that Facebook notifies you when someone logs into your account from an unrecognized device by setting up login alerts. Login alerts can give you a heads-up that your account was accessed unexpectedly. Navigate to SECURITY settings and select LOGIN ALERTS to request an email alert whenever a new device logs into your account. If you receive an email message about a new login that isn’t you, follow the link in the message to disable the login session.

Where you’re logged in (Active Sessions)

Facebook security settings also enable you to see a list of open and active sessions.

To access this feature, navigate to the SECURITY settings and select WHERE YOU’RE LOGGED IN (on a computer) or ACTIVE SESSIONS (on a mobile device). Facebook will show you a list of every Facebook session you are currently logged in to along with the name of the browser or device and its geographic location. Right now, my friend Lynn is logged into a Chrome session on a computer running Windows 10 in Gettysburg, PA, a Samsung Android session in Harrisburg, PA, and an Internet Explorer session on a Kindle tablet in Winston-Salem, NC. The Chrome session is the laptop in her home. The Android session is the Facebook app on her cell phone. Sometimes, the cell phone “location” doesn’t match where the cell phone is. As it turns out, my friend Lynn was visiting her grandkids and accessed Facebook using her son-in-law’s Kindle. According to Facebook, she never logged out. She can do that now, simply by clicking END ACTIVITY or tapping the X next to this session in the list.

If you see a device listed that clearly is not yours, it means someone else may have accessed your account. You should stop ALL sessions (on a computer, click END ALL ACTIVITY; on a mobile device, tap each X in sequence until all sessions are closed).

Follow up by immediately changing your password. Check all of your personal settings to make sure nothing else has been changed, such as the cell number or email address you've listed for Login Approvals, your list of Trusted Contacts, and so on. If you use the same password for any other social media or email accounts, change those too, and choose a different password for each account. You should also set up two-factor authentication and the rest of the advanced security settings to help keep your account secure.

Login approvals

If you have a cell phone that receives texts, Login Approvals are a must-have.

Facebook will send a text message to your cell phone with a unique code to use when you log into Facebook from a different computer. This feature adds another level of security for people who log into Facebook from various locations. To set up login approvals, navigate to SECURITY settings and select LOGIN APPROVALS. Once you have enabled LOGIN APPROVALS and entered a cell phone number, whenever you try to log in from a new device or browser you’ll be asked to enter a code that you receive via text message.

Code generator

Once you’ve turned on LOGIN APPROVALS, logging into Facebook will become a two-step process in which you will need to enter both your password and a unique code. This can be problematic if you’re unable to receive text messages (or they don’t arrive quickly enough). In those cases, you can use the Code Generator instead to generate one-time codes.

Code Generator is an option inside Facebook's mobile app that generates a new code every 30 seconds. Because it’s a mobile app, you can use it on your smartphone or tablet.

App passwords

Using Facebook Login Approvals adds an extra layer of protection to your account, but unfortunately some applications won’t work with it turned on unless you protect them separately by creating passwords specifically for them. Applications like Skype and Spotify have features built into them that provide unique ways to interact with your Friends on Facebook. If you want to use both Login Approvals and Apps like these, you need to generate App Passwords for them. These are permanent passwords that are specific to each app; you only need to enter them once. To set up App Passwords, go to SETTINGS, SECURITY, APP PASSWORDS. Facebook will generate a password for you to enter into the application. If, later, you decide to stop using an application, you should remove it from your App Password list.

Trusted contacts

The TRUSTED CONTACTS feature allows you to designate specific Friends who can help you get back into your Facebook account if you forget your password and can’t access your email, or if a hacker has stolen your account and changed your password. It’s like leaving a house key with a trusted neighbor.

If you notify Facebook that you are locked out of your account, Facebook will send special security codes to your trusted contacts. Once a trusted contact sends the security code on to you, you can enter that code into Facebook's system to verify your identity. At that point, you’ll be able to create a new password and regain full access to your account.

To set up your trusted contacts, navigate to SETTINGS, SECURITY, TRUSTED CONTACTS.

You are allowed to choose three to five people as your trusted contacts. Be sure to pick people that you talk to regularly and who are easy to reach. Above all, be sure to pick people you really trust.

Like handing out house keys, designating trusted contacts is something that you need to do before there’s a problem. Don’t wait until you get locked out—add your trusted contacts now.

Legacy contact: your Facebook executor

There are two CONTACT options that you can specify in your SECURITY settings: TRUSTED CONTACTS and a LEGACY CONTACT.

Your LEGACY CONTACT is different from your TRUSTED CONTACTS, although it will no doubt be someone you trust. Think of this as your Facebook executor. The person you designate as a LEGACY CONTACT can maintain and access your Facebook account after your death if your account is memorialized. Your LEGACY CONTACT will be able to respond to posts on your account and post status updates such as information about memorial services. If you give permission, your LEGACY CONTACT can also download a copy of what you’ve shared on Facebook, including your photos.

If you don’t want your Facebook account to remain when you’re gone, you can use the LEGACY CONTACT feature to say that as well. If you prefer, you can instruct Facebook to delete your account after your death.