If you are a regular reader of Loginhelper you know that security does not end with the selection of a strong account password. The password may be the most important aspect, but there are other factors to consider. This includes making sure you are on the right site before you key in your login name and password, or protecting your email account that is connected to Facebook.
Facebook’s Security Settings can further improve your security when interacting with the social networking site. This short guide looks at all available options, and explains how to best configure the settings to protect your Facebook account.
You can load this page or click on the down arrow, select Account Settings and then Security to open the settings page.
We have seen many attacks on user account information in the past years. These kinds of attacks have increased as the Internet moved forward to become everyone’s favorite pastime, and even more than that. Attackers are still making use of phishing attacks, mostly by sending out mass mails, to steal login, financial and identity related information. A second group has moved on though and started to hack the servers and websites directly to download their databases.
With part of the user base selecting weak passwords, it is easy to parse through the database to get a list of working passwords in record time.
Good security begins with a strong password. Opinions differ a lot when it comes to the definition of strong. Most agree that users should not pick dictionary words (like apple), first or last names, teams, brands or other words that may make their way onto a word list. If you are asking me, I’d say your password should at least have 12 characters, and if possible at least one upper char, one lower char, one number and one special char. Tgo5ggg3dc_rr4 would be a strong password.
Strong passwords are just the beginning though. Some websites for instance may save your password in plain text. It is a security taboo, as it provides attackers who download the site’s database with all the information they need to wreak maximum havoc on the site and its users.
That’s one of the reasons why 2-factor authentication is so important. This basically adds another layer to the login process. Facebook and Google make use of 2-factor authentication.
2-factor authentication
With 2-factor authentication enabled, you will receive a code on your mobile phone or device that you need to enter to complete the login process. An attacker who managed to steal your username and password, for instance with a keylogger, would not be able to log in to the site if the additional authentication step had been enabled previously.
Google users can enable 2-step verification in their Google account. This link opens the Account Settings page on the Google website.
You need to click on the edit link next to 2-step verification to configure the security layer. Please note that you need to enter a mobile phone number during setup. This is the number that Google will send the codes to whenever they are needed.
I suggest you open the official announcement post over at the official Google blog site to read up on the instructions.
Facebook’s 2-factor authentication system works slightly differently from Google’s. It only asks for a code if a user tries to log in from a new device. It is still important to activate it to improve the account security.
You can configure the feature here on Facebook’s Security Settings page.
Please note that you need to have a mobile phone number configured in your account to complete the setup.
Live.com is Microsoft’s all in one authentication service where you can register and then use the same credentials for many different things. For example, if you own an Xbox, or have a Windows Live Messenger account, or if you use Hotmail, then you’ll already have a Windows live.com sign in.
Many people like having one single username and password to access services they use regularly. It saves the need to remember multiple passwords, and in this day and age when there seem to be so many different websites needing usernames and passwords to access them, having less to remember is a godsend. A single sign in point also means that once you’ve used your live.com sign in to access one service, you’ll also be able to access all the other services too. Your computer should remember your credentials in its memory, or cache, and not bother you again.
Facebook earlier this year confirmed that they would improve the login process on Facebook by implementing two factor authentication. Today Facebook announced that the new feature has finally been added to the social networking site, and that all Facebook users can make use of it.
Facebook Login Approvals, that’s the official name of the feature on Facebook, protects accounts with an additional code that needs to be entered when logging into Facebook from an unregistered computer.
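The new-device check described above, as an added example that is not part of the original post and not Facebook's own code. It is a toy server-side model of "ask for a code only when the device is unknown"; the class name, the 5-minute lifetime and the 6-digit code format are assumptions.

```python
import hmac
import secrets
import time

CODE_TTL = 300  # seconds a sent code stays valid (assumed value)


class LoginApprovals:
    """Toy model: password login plus a one-time code for unknown devices."""

    def __init__(self):
        self.known_devices = {}  # user -> set of approved device ids
        self.pending = {}        # (user, device id) -> (code, expiry time)

    def start_login(self, user, device_id, password_ok, now=None):
        now = time.time() if now is None else now
        if not password_ok:
            return "denied", None
        if device_id in self.known_devices.get(user, set()):
            return "logged_in", None  # registered device: no code needed
        # Unknown device: issue a random code that would go out by SMS.
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[(user, device_id)] = (code, now + CODE_TTL)
        return "code_required", code

    def approve(self, user, device_id, submitted, now=None):
        now = time.time() if now is None else now
        # pop() makes every code single use: one wrong guess burns it.
        entry = self.pending.pop((user, device_id), None)
        if entry is None:
            return False
        code, expires_at = entry
        if now > expires_at:
            return False
        # Constant-time comparison avoids leaking how many digits matched.
        if not hmac.compare_digest(code.encode(), submitted.encode()):
            return False
        self.known_devices.setdefault(user, set()).add(device_id)
        return True
```

A stolen password alone ends at "code_required" on any device that has not been approved before, which is the protection the feature is meant to give.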
We have been receiving an increased amount of emails and comments from Facebook users who have difficulties logging into the popular social networking website. Our initial guide, called Facebook Login, has helped many Facebook users, but some still had difficulties despite the guidance.
We have created a PowerPoint presentation and a PDF document to better help Facebook users log into the website. Both documents have the same contents and contain all the necessary information to fix Facebook login problems.
You can download the help documents below. We have also added them to the sidebar here at Login Helper and linked them in the original Facebook login post for greatest exposure.
Not the username, but the password is the most important part of an online account, and it is relatively easy to explain why. A username usually is displayed somewhere on the site the account is for. A Facebook wall post, a reply in an online forum or the writing of an article all show the username in one form or another. And even if the username is not displayed openly it can be guessed more easily or often substituted with a user’s email address.
test your password
An account password on the other hand is not visible anywhere. Attackers with the right account password can usually get into an account easily; that is not the case if they only have the email or username of the user on the site.
Now that we have established that passwords are the most important part of a user’s online presence we need to find out how to make them as secure as possible.
You probably have come upon password security questions before. They are often used when a user forgets the password to an account to identify the user. The major problem with those security questions is the fact that they often only display general questions that the user can choose from during configuration. This includes the mother’s maiden name, the first school, the favorite sports team or the birthplace.
Asking those questions is problematic because of two things. First, they are not that secure if the attacker has access to information about you. Your mother for instance would surely know most of the answers to those questions, as would a close friend, and even most work colleagues or classmates might. The second problem with these types of questions is that they can also be easily guessed. The number of possibilities is a lot smaller than the number of possible passwords for an account, meaning an attacker could simply try the most popular answers to see if they would be a hit.
Phishing is an attack form that is usually carried out by email. The term phishing is made up of the two words password and fishing which describes the basic concept. Attackers try to convince the user that the email has been sent by a trusted organization. Most phishing emails fake emails from financial organizations like PayPal or banks but other services like social networking sites such as Facebook or MySpace are also targeted by phishers.
Links in those emails lead to fake websites that look like the original website. The only purpose of those fake websites is to catch the login data of the user who does not realize that the fake website is not the real one.
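One way to check where a link in such an email really leads before any login data is typed in, as an added example that is not part of the original article. The function names are hypothetical and the lookalike links are constructed samples on the reserved .example domain.

```python
from urllib.parse import urlsplit


def link_belongs_to(url, expected_domain):
    """True only if url uses HTTPS and its host is expected_domain
    itself or one of its subdomains."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:  # malformed URL, e.g. a broken IPv6 literal
        return False
    if parts.scheme != "https":
        return False
    expected = expected_domain.lower()
    # Match the end of the host name on a label boundary, never a
    # substring: the trusted name may appear anywhere in a fake link.
    return host == expected or host.endswith("." + expected)


def suspicious_links(urls, expected_domain):
    """Return the links that do NOT lead to expected_domain."""
    return [u for u in urls if not link_belongs_to(u, expected_domain)]


# Constructed sample links as they might appear in an email that
# claims to come from Facebook.
SAMPLE_LINKS = [
    "https://www.facebook.com/login.php",                   # genuine host
    "https://facebook.com.account-check.example/login.php", # name as prefix
    "https://www.facebook.com@login.example/",              # name as userinfo
    "https://login.example/www.facebook.com/",              # name in the path
    "http://www.facebook.com/login.php",                    # no HTTPS
]

if __name__ == "__main__":
    for link in suspicious_links(SAMPLE_LINKS, "facebook.com"):
        print("do not log in here:", link)
```

Only the first sample passes; the others show the trusted name somewhere in the link while the host the browser connects to is a different one, or the connection is not encrypted.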