Ruan Bekker's Blog

From a Curious mind to Posts on Github

Review and Secure Your Facebook Account

This post is a bit different from my other posts, but I feel it's an important one: Facebook Security.

Facebook, everyone loves it, right? Yeah, but what happens when you get locked out of your account, or an attacker gains access to your account and starts doing things that you don't want them to? In particular, all the photos and messages that need to remain private can potentially end up in the wrong hands.

Facebook usually detects strange behavior, but being proactive about security can help a lot.

There are a couple of ways attackers can gain access to your account, but I won't go into that; Google will be your friend if you are curious how they do it.

Scenario: Something suspicious is up / weird behavior / getting unusual messages from groups etc

Usually Facebook will detect this, but if not, you can and should do the following:

  • Reset your password
  • Enable Two-Factor Authentication
  • Terminate or log out all sessions from your account; if you find unknown sessions, report them to Facebook and log them out.
  • Review your account's activity
  • Review group activity; if you are subscribed to groups, unsubscribe
  • Reach out to Facebook support

Head over to your Facebook Accounts Settings Page:

Head over to https://www.facebook.com/settings. This is the main view where you can configure and review your account. It should look like this:

When you select the "Security and Login" tab, https://www.facebook.com/settings?tab=security, you will be presented with a couple of login options:

Security and Login Info:

The list of your devices that are currently logged on:

Hit the See More dropdown to review all your devices that are currently logged on to Facebook. If you are not aware of a session, hit the Log Out button to terminate that session, or select Not You if you are not aware of that session, then continue to report the activity to Facebook so that they can look into it.

You can follow up on your incident via https://www.facebook.com/support/ .

Password and Two Factor Authentication:

The first thing that I would actually do is change your password. If someone did manage to gain access to your password and you are still logged on, change it immediately. If they reset your password before you do, game over. Well, kind of...

From the same page, change your password:

Enable "Two-Factor Authentication". When you are logged out, or trying to log on from a new device, a notification will be sent to your device where Facebook is installed, or alternatively, you will receive a code which you will need to enter after you have logged on. This provides you with an extra layer of security.

Enable "Get alerts about unrecognized logins", which allows you to set up to 5 friends that can help you unlock your account, if your account has been locked out.

Review your Activity Log

From https://www.facebook.com/settings?tab=your_facebook_information , head over to "Activity Log":

Select "Activity Log", to review your recent activity:

Below Comments, select more, then Security and Login Information:

Then we will be presented with the Active Sessions, Login and Logouts and Recognized Devices.

First look at Active Sessions:

Then Logins and Logouts:

From this same page you can review other activity like Search History, Groups, etc.

If someone were to access or subscribe to groups, you will be able to review the activity within 3 different views:

  • Groups: any interaction with groups, such as likes, comments etc.
  • Membership Activity: any group memberships
  • Posts and Comments: self-explanatory.

Final Note:

People try to access accounts all the time, watch out for the following:

  • Friend Requests: people have a lot of private information on Facebook, keep it private
  • Watch out for strange applications that want your permission; review the permission levels closely
  • Reset your password from time to time, use unique passwords, and not the same password as the one for your main email account
  • Watch out for links, some of them can land you in a bad spot.
  • When you see weird activity from a friend's account, report it, so that Facebook can investigate it. It happened to a friend and Facebook sorted it out within 20 minutes.
