It’s bad enough when your login credentials are stolen from your favorite website, but it can be way, WAY worse when those credentials are for your Facebook or Google account.
People often ask me why it can be a total nightmare if your Facebook login is stolen. There are two reasons why.
First, these are what I like to call “gateway logins.” There’s another name for them in technical circles, but the point is that many of these logins, such as those for Facebook, Google, Twitter and a couple of others, can be used to log in to many other sites.
You probably know that websites occasionally offer you the alternative of logging in with your ID and password from these other sites. It’s convenient for you and it saves those websites the hassle of having to verify your identity, under the assumption that the larger sites already have.
So anyone who steals, say, your Facebook ID and password can now try to use it on many other sites and they won’t have to verify themselves on those sites when they do. This presents a really dangerous situation for you because you’re vulnerable in hundreds of other locations now. If that happens, you’ll have to change your password – at the least – for that gateway login and do it quickly or the thieves could do some serious damage.
Second, if someone gets access to your Facebook account – or any of the others for that matter – there will be a veritable treasure trove of information available to them that they can then use to guess other passwords or hints to passwords on lots of other sites.
Your Facebook profile probably shows a lot that you use for hints or actual passwords in other places – the name of your pet, the street you grew up on, your mother’s maiden name and a lot more. So if hackers get into your Facebook account they’ll have all that information and then, before you can do anything about it, THEY will change YOUR password and you’ll be locked out. That’s when the nightmare really accelerates because you’ll have to get in touch with Facebook’s customer support, explain what happened, prove that you are who you say you are, etc. By that time, a LOT of damage will be done.
So what can you do to protect yourself from having your credentials stolen? A few basic things can go a long way:
- Whatever service has two-factor authentication available, use it. Simply put, when you log in to Facebook they’ll send a code by text message to your phone that you will then have to enter on the login page. If someone tries to log in as you but doesn’t have your phone they’ll be blocked. This protects you from 99.999% of hack attempts.
- Don’t write stuff down in public places. You know, that sticky note under your keyboard (I’ve even seen them sticking right on the screen of the computer) or that list that you’ve got taped up on the inside of your cubicle. Get rid of it. Find a password or information manager that you can store all of your passwords in and then secure THAT with a password. Use something relatively easy to remember but complex enough so that a hacker wouldn’t guess it. For example, the street number of your first address followed by the name of the street you live on now, followed by an exclamation point, comma, percent sign or some other symbol from a standard keyboard.
- Label your stuff. I read a statistic from a couple of years ago that shocked me. The TSA – you know, those nice folks that make you take off your shoes at the airport – said that 500,000 laptops were left behind at checkpoints in a single year. Half a MILLION! (I can only imagine how many phones were left in those little bowls where you throw your keys and change.) Why didn’t they get returned? No identification, and the screens were locked without any identification appearing when they were opened. Put a simple tag or label on each of your devices that’s easily seen from the outside. Or, even better, put “Reward if found” and a name, email address and phone number (but NOT your cell phone number as that might be the phone that you’ve left behind) on the lock screen on the phone or laptop. That way anyone who turns the power on or opens the lid will automatically see the information they’ll need to return your device.
- That thing I just mentioned – locking the screen – do that. If you think it’s inconvenient to lock your screen and have to unlock it each time you use your phone, I assure you that it is not NEARLY as inconvenient as losing your phone and never having a chance of getting it back, or, worse, having someone see everything you have on it because it’s not locked.
To summarize, getting hacked is bad, getting your gateway credentials stolen is worse but doing nothing to prevent it is inexcusable. These are just some of the simple steps you can take to prevent a major – and I mean MAJOR – problem. Do them now, RIGHT NOW, and you’ll save yourself a potentially huge headache in the future.
Remember – be careful, be vigilant and BeCyberAware!