Friday, 18 January 2013

Facebook Security Tips and Tricks


Facebook is the most popular site nowadays, and we use it daily. I am sure that all of you are aware of the news about Facebook account hacking; many Facebook accounts have been hacked.
The natural question is how we can use our Facebook accounts securely. Today I am going to share some tips and tricks about Facebook security.

I will be sharing the details of the following security tips and tricks:
  1. Use a Good Password
  2. Do a proper logout
  3. Avoid malicious script
  4. Avoid Clickjacking
  5. Use secure browsing
  6. One-time password
  7. Monitoring account activity
  8. What to do if your account has been hacked
  9. Precautions for Malicious script and Clickjacking


1) Use a Good Password:-
Using a good password is the first step in securing your account. Use letters, numbers, and special characters when creating your password.

Don’t use the same password for all your accounts. If you do, hackers who get hold of it can easily access your other accounts too. If they can access your mail accounts, they can read your valuable mail, such as net-banking messages.

Change your password regularly. 

Please don’t share your passwords with your friends. 

2)  Do a proper Logout:-
Logging out of your Facebook account is an effective way to protect it. Exiting the browser or closing the web page does not really log you out of Facebook. The next person who opens Facebook will automatically find himself in your account.

If you forget to log out of an active session, you can close that session remotely.
Go to Account security -> Security settings


There you can see how many sessions are active. To close any session, click End Activity.

3) Avoid malicious script:-
Don’t copy and paste any script into your browser without knowing what it is and what it will do. Scammers try to trick you into pasting scripts into your browser.

4) Avoid Clickjacking:-
Clickjacking is a technique attackers use to trick users into clicking on links or buttons that are hidden from view.

Let's look at a sample clickjacking scenario: suppose you want to play a game and click on a PLAY button, but you are really clicking on a hidden link.

Since you can’t see the hidden link, you have no idea what is really happening. You could be sharing your personal information with others or downloading malicious code onto your system.

Clickjacking can also happen with the LIKE or SHARE button, which we click many times every day.

So please don't click the LIKE or SHARE button on a post that looks suspicious.
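
The PLAY-button scenario above, seen from the defender's side. This is an added example, not part of the original post: it flags invisible elements stacked on top of a visible button, which is how a click ends up somewhere other than where the user aimed. The element objects, their field names and the 0.1 opacity threshold are assumptions made for illustration; a real checker would read these values from the browser's computed styles.

```javascript
// Added example: heuristic detector for a clickjacking overlay.
// Elements are plain objects (constructed sample data), not a live DOM.

// True when two rectangles {x, y, w, h} share any area.
function overlaps(a, b) {
  return a.x < b.x + b.w && b.x < a.x + a.w &&
         a.y < b.y + b.h && b.y < a.y + a.h;
}

// An element the user cannot see but that still receives clicks.
function isHiddenButClickable(el) {
  return el.opacity < 0.1 && el.pointerEvents !== 'none';
}

// Return the hidden elements stacked above a visible target, i.e. the
// elements that would actually receive a click aimed at the target.
function findClickInterceptors(target, elements) {
  return elements.filter(el =>
    el !== target &&
    isHiddenButClickable(el) &&
    el.zIndex > target.zIndex &&
    overlaps(el.rect, target.rect));
}

// Constructed sample page: a visible PLAY button, a transparent frame
// holding a LIKE button placed over it, an invisible image elsewhere on
// the page, and a visible banner that partly covers the button.
const playButton = { id: 'play', tag: 'button', opacity: 1, zIndex: 1,
  pointerEvents: 'auto', rect: { x: 100, y: 200, w: 120, h: 40 } };
const samplePage = [
  playButton,
  { id: 'like-frame', tag: 'iframe', opacity: 0, zIndex: 10,
    pointerEvents: 'auto', rect: { x: 90, y: 190, w: 140, h: 60 } },
  { id: 'pixel', tag: 'img', opacity: 0, zIndex: 10,
    pointerEvents: 'auto', rect: { x: 0, y: 0, w: 1, h: 1 } },
  { id: 'banner', tag: 'div', opacity: 1, zIndex: 5,
    pointerEvents: 'auto', rect: { x: 0, y: 180, w: 800, h: 30 } },
];

// Ids of the elements that would hijack a click on the target.
function report(target, elements) {
  return findClickInterceptors(target, elements).map(el => el.id);
}

console.log(report(playButton, samplePage));
```

Only the transparent frame is reported: the invisible image does not overlap the button, and the banner overlaps it but is visible to the user.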

5) Use Secure Browsing:-
You can browse your Facebook account securely. To do so, type https://www.facebook.com. When you browse with https://, the data transmitted between your browser and the web server is encrypted.

When you use https://, don’t forget to check the SSL certificate.
I have already described https:// and how to check the SSL certificate in my post “How to do secure online transaction”. Please refer to that post if you don’t know why and how to check the SSL certificate.

If secure browsing is not enabled, you can enable it.
Go to Account security -> Security Settings



Click on Secure Browsing -> Edit -> check "Browse Facebook on a secure connection (https) when possible".

6) One-time Password:-
You can also use the one-time password (OTP) facility provided by Facebook. It is useful when you are accessing your Facebook account from a cyber-café or any public computer.
To use OTP, you need to register and verify your cell phone with Facebook. Whenever you want an OTP, just send the text message “otp” (for “one-time password”) to 32665 (FBOOK). Facebook will send you an OTP, which you can use to log in instead of your normal password.

7) Monitor your account activity:-
You can monitor whether someone is accessing your Facebook account from another mobile device or computer.

To do so, enable LOGIN NOTIFICATIONS. Once it is enabled, Facebook will send you an email or a text message to your cell phone whenever somebody logs into your account from a different computer or mobile device.

How do you enable LOGIN NOTIFICATIONS?
Go to Account security -> Security settings



Login Notification -> Edit -> Choose notification options
The next time you log in to your Facebook account, Facebook will ask you to Name New Device. Give the device a name if it is a trusted device, or click Don't Save.



8) What to do if your account has been hacked:-
To recover a hacked Facebook account, go to http://www.Facebook.com/hacked.



After that you need to follow some security checks.
Once you do that, neither you nor the hacker can use the account. You then need to follow a four-step process to reclaim your account.


I expect one question has arisen in your mind regarding malicious scripts and clickjacking: if you can’t tell that a link is clickjacked, how can you take precautions?
Let’s talk about the precautions you can take against malicious scripts and clickjacking.

9) Precautions for malicious scripts and Clickjacking:-
WOT (Web of Trust) is a tool which can help you to avoid Clickjacking threats. WOT maintains a database of safe sites as well as malicious sites.

The NoScript Firefox plug-in allows JavaScript, Java, Flash and other plug-ins to be executed only by trusted web sites. You can also select the sites from which you want to allow scripts to run.

WOT and NoScript are free software. Download and use.