Facebook Security

Sharing this information as I’ve noticed a few people lately who have had their Facebook accounts compromised. There are several options within the Facebook Security Settings that can help boost account security.

A good way to ensure your account remains yours is to use a more complex password, something that is not going to be found in a Rainbow Table. These are basically a catalog of potential passwords and dictionary words. Many of these are multiple gigs, with some approaching a terabyte of data.

The method I use is a complex password as well as what is called Two Factor Authentication. This means I have to provide my password as well as another element to successfully log in. They call these tokens. Facebook allows SMS Tokens, Hardware Tokens and Software Tokens.

An SMS Token is simply a code sent to your phone that you will need to type in before logging in. A software token is similar, but the code is generated by an App; Facebook calls this a Code Generator. A popular option for this is the Google Authenticator. This is available for both Apple and Android. I have both of these options set up.

The final option is a hardware token and this is the main option that I use. I purchased a YubiKey NEO from Yubico. It can be used via USB into my computer and also via NFC with my phone. When I log in, I have to plug this into the computer and then hit the button. If you do purchase this specific one, there is a piece of software you have to install to enable the device. There are other keys that don’t allow for NFC that are easier to use.

Now, all that being said, the two factor authentication only takes place (for Facebook) when authorizing new devices. If you are in the habit of signing into new devices a lot, you will need to utilize the two factor tokens.

Now that it’s all set up, someone either needs my phone or my hardware key to successfully log in to my account.

I encourage anyone who is worried about losing their account or who just wants to increase the security of their Facebook account and indeed their other accounts to look into Two Factor Authentication and to use more complex passwords. You can test the complexity of your password at places like Password Meter. If you wish to look into what other websites or devices feature Two Factor Authentication, you can click here.