Tips on protecting your online personal data while using Facebook apps

In today’s always-on connected world, most people know not to give away too many personal details about themselves on social media sites like Facebook, Twitter, etc., as online details can be easily harvested by innocent actors as well as those who have more devious intentions. However, one area most people neglect to protect is the information they give when answering nostalgic questionnaires or playing games on sites such as Facebook. The information gained from these items is exactly what bad actors desire in pursuit of a user’s personal assets.

As this article describes, people who play games, answer questionnaires, or otherwise reminisce with people online about personal details may inadvertently give away answers to online accounts’ security questions. The purpose of these security questions is to assist in preventing unauthorized access to sites such as online bank accounts or credit card accounts. Unfortunately, it has been revealed over the years that security questions are a vulnerable method for secondary authorization.

An example of a game where a user might provide personal details is a word game that invites them to come up with a DJ (disc jockey) name by combining their first pet’s name with the street they grew up on, or the first name of their best friend from high school with the city they were born in. These are all answers to popular security questions for online accounts. In addition, posting an answer online can prompt others to post their answers as well.

If a user does take part in these questionnaires or games, it’s a good idea to give untruthful answers to the security questions for online accounts (and write down these fake answers so they are easy to recall later). Or better yet, use another password as the answer to each security question, as in reality, the answer to a security question is just another password. Using another password as the answer avoids the problem of having the same answers as those provided in these questionnaires and games.

Other secondary authorization methods like text messages to a user’s mobile phone can present additional vulnerabilities, like being susceptible to mobile phone SIM swapping. A better way to secure an account than using security questions or text messages is to use 2FA (two-factor authentication) through an app like Authy or Google Authenticator, both of which are installed on the user’s mobile device. These 2FA apps provide a one-time-use key as a secondary authorization for online accounts. When a user logs in to an online account, they input the number generated by the 2FA app for the secondary authorization, thereby allowing access to their online accounts in a more secure manner. It’s best to set up the 2FA app for all online accounts (bank accounts, credit card accounts, Facebook, Gmail, etc.) where it’s an option.

Reminder to keep passwords secure…

It is a vitally important practice to keep your passwords safe. As a general rule, never give out passwords to anyone. The article here notes that Facebook asked a user for their email login and password to verify who they were. This can open up a user to phishing attacks.

If you need to use Facebook, it is advised to create a new Gmail account and use that specifically for Facebook, rather than risking the potential of a frequently-used email account being compromised.

In addition to this, it is wise to use different and hard-to-guess passwords for different websites. Using the same password for different sites opens one up again to issues if one site’s password file gets hacked.

Feel free to discuss with us your options for keeping your passwords safe. We’re here to help!

Facebook stored users’ passwords in an insecure manner

Facebook stored passwords for hundreds of millions of users insecurely, exposing them for years to any person who had internal access to these password files. Passwords are usually encrypted, but errors led to some 200 million to 600 million passwords being exposed. The affected passwords were for Facebook, Facebook Lite and Instagram. More information can be found here.

This is a good reminder of the importance of:

  • Changing passwords often, while making them not easily guessable
  • Using 2FA (two-factor authentication) applications on your mobile phone, such as Authy
  • Configuring Facebook to send you alerts in the event an unauthorized computer or mobile device logs into your account
  • Using Facebook to audit your account to see what devices are currently logged into your account, to determine if there are any that may look suspicious

If you’d like assistance with setting up any of these items, or have questions, let us know!