the IT city, the I.T. Baby


You don’t have time to be hacked: add security to Facebook

Facebook multi or dual factor authentication - step 1 get there
Step 1: on a browser – down arrow, settings

You’ve been using the same format of passwords on eleven trillion websites you use. Who has the time to keep up with generating a new and special password for every single site and using a password generator just is annoying.

Who has the time to spend on with Facebook support after their account’s been hacked, locked out due to posting spam, and otherwise defaced?

A couple of days ago a former co-worker’s account got hacked and she started posting all sorts of spam. Password was changed, phone modified, email changed, etc. Basically a complete loss of the FB account at the moment.

If you’ve got a smartphone you can use the Facebook app to make sure nobody can log on to Facebook without both your password and a timed code, or at least access to your text messages as Facebook can send you a code if the app fails.

Facebook Dual Factor Authentication step 2
Step 2: with phone in hand click Security, Login Approvals, follow steps to get a text with a code

That last part is kind of important as if someone can get your text messages and your password they can probably get into the account still. While most people are probably safe, some have learned that their text messages were redirected by SIM shenanigans, however that’s more in the league of what a government backed hacker going after someone is going to do.

Once you’ve got this second factor of authentication in place any unknown browser that attempts to log in with a correct password will be met with a notice that they require a timed code to get in.

For most purposes you could probably buy a billboard that says your Facebook email is suchandsuch and your password is Facebook1 and nobody should be able to get through without access to texts or your Facebook app on your phone.

Facebook Dual Factor Authentication step 3 - Get Codes
Step 3 – grab some one-time use codes and put them somewhere you can get to in the event of an emergency. FYI hackers, these codes aren’t good any more.

I’ll point out that money would be much better spent than buying a billboard, and you’ll probably be getting a lot of verification code texts and emails about failed login attempts, so you might want to just send that money you would have spent on the billboard to us. That’d be cool.

To turn on second factor security just look in the top right of Facebook on a web browser for a little down arrow, tap that and tap settings, then security will show on the left hand of the screen, click that and Login Approvals is what you’re going for.

Make sure you’ve got your phone at the ready as you’ll have to enter a code they’ll text you.

After you’ve got the thing set up, go back to Login Approvals, click it, and choose to get codes for when you don’t have access to your phone. Store these on something in your wallet in case there’s ever an emergency and you need to access Facebook from a computer that’s not your own (EG: storm hits, cell towers down, phone’s dead, you’ve got a computer working in a Radio Shack and you want to let your family know you’re alive).

As long as you’re on a browser and computer Facebook recognizes you’ll never be asked for anything other than your password. You’ll also probably never get emails and texts at 3am that you’re posting pictures from Kanye West’s Famous video all over people’s timelines.

While you’re under the Facebook hood, make sure you have a couple of trusted contacts set up, you’re not logged in anywhere funky you don’t recognize on Where You’re Logged In, and set up a family member or friend as a legacy contact in case something horrible happens.

Paul King

Paul King lives in Nashville Tennessee with his wife, two daughters and cats. He writes for Pocketables, theITBaby, and is an IT consultant along with doing tech support for a film production company.