In the last week, there have been some very high-profile break-ins on Facebook. The most entertaining of them happened to the sexy Australian doctor on House. His page was hacked by a jilted would-be paramour. To teach him a lesson, she posted a photoshopped nude photo of him that made his naughty bits appear absurdly small. But the real-world hacks were just as startling. President Nicolas Sarkozy (France) lost control of his account to someone who announced that the president is not running for reelection. (“That’s premature,” the president responds.) Even Facebook founder Mark Zuckerberg was not safe. His account was taken over by a hacker with a socialist message about alternative ways to fund the social networking behemoth. If Zuckerberg isn’t safe from hackers, are we?
Zuckerberg’s team says his account was not exactly breached. Apparently a bug allowed the hacker to post to his site without actually allowing the hacker in. They also claim that only high-profile accounts were affected by the bug. (Is that reassuring? Does it even sound plausible?) Doctor Chase confronted (and in the process fell for) his prankster. And President Sarkozy was quick to point out (rather French-ly) that there is a lesson in the attack, one that leaders ought to occasionally consider: “No system is infallible.”
The team over at Facebook seems to be heeding that lesson at least. It launched two security measures yesterday – and two more a few months ago – that merit your immediate attention if you have a Facebook page.
The first is simply an HTTPS login that allows you to visit Facebook on a secure connection. The company is rolling this out slowly, but you should soon be able to turn it on at My Account/Account Settings/Account Security.
The second is called “social authentication.” It takes the idea of CAPTCHA – that frustrating security step that asks you to eyeball some mangled letters, translate them to English, and type them into a box before you can log on – a step further by tapping your social network to devise a quick test. If the site sees that you logged in from, say, Denver in the morning and London in the afternoon, it might ask you to authenticate your identity by showing you a picture of a friend and asking you to choose her name from a list. (This could prove embarrassing for those of us with so many friends we can’t remember their names or faces.)
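The Denver-then-London trigger described above can be sketched as an "impossible travel" check. This is an added example, not Facebook's code: the function names, the 900 km/h speed limit, the 50 km same-area radius, and the sample logins (coordinates as if looked up from IP addresses) are all assumptions made for illustration.

```python
from datetime import datetime, timezone
from math import radians, sin, cos, asin, sqrt

MAX_KMH = 900.0      # assumed limit: roughly airliner cruising speed
SAME_AREA_KM = 50.0  # assumed slack: IP geolocation is coarse

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two coordinates."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = (sin((lat2 - lat1) / 2) ** 2
         + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * asin(sqrt(a))

def needs_challenge(prev, cur, max_kmh=MAX_KMH):
    """True if getting from prev to cur would require implausible speed."""
    dist = haversine_km(prev["lat"], prev["lon"], cur["lat"], cur["lon"])
    if dist < SAME_AREA_KM:
        return False          # same metro area, nothing to explain
    hours = (cur["time"] - prev["time"]).total_seconds() / 3600
    if hours <= 0:
        return True           # two distant places at the same instant
    return dist / hours > max_kmh

def flag_logins(logins):
    """Return the cities of logins that should get an extra identity test."""
    ordered = sorted(logins, key=lambda e: e["time"])
    return [cur["city"] for prev, cur in zip(ordered, ordered[1:])
            if needs_challenge(prev, cur)]

def _utc(day, hour):
    return datetime(2011, 1, day, hour, tzinfo=timezone.utc)

# Constructed sample data (not real login records).
SAMPLE_LOGINS = [
    {"city": "Denver", "lat": 39.74, "lon": -104.99, "time": _utc(27, 15)},
    {"city": "London", "lat": 51.51, "lon": -0.13,   "time": _utc(27, 17)},
    {"city": "Paris",  "lat": 48.86, "lon": 2.35,    "time": _utc(28, 12)},
]

if __name__ == "__main__":
    # Denver to London in two hours is flagged; London to Paris overnight is not.
    print(flag_logins(SAMPLE_LOGINS))
```

A flagged login is only a reason to ask for more proof, such as the friend-photo quiz; VPNs and mobile carriers can make a legitimate user appear to jump between cities.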
And back in October, the company announced one-time logins and remote logouts.
If you are logging in from a public computer and don’t want to reveal your login to the computer or the people milling about, text “otp” to 32665 from a U.S. mobile phone to receive a password that can be used once and expires in 20 minutes.
If you have already logged in from another computer, you can check that you didn’t forget to log out from wherever you are. In fact, you can check anytime to make sure you recognize all the recent logins to your account. Again, go to My Account/Account Settings/Account Security. You will see a list of recent logins and where they occurred (based on the computer’s IP address).
There is a bit of new buzz happening on the Web today saying that Facebook isn’t safe. (This guy says you should quit right now.) Of course, nothing is completely safe. But it is worth stopping to think about your risk and to look at your privacy settings and personal practices. In the last link, the cybersecurity author makes some excellent points about Facebook apps. They often allow the app developer access to too much personal information. That – and the annoying steps they all seem to require – is the reason I don’t install apps if I can avoid it.
Should you be afraid? Sure. It’s a public place. You should always be a little wary. Every time you leave the house you decide how much risk you are willing to take to do so. That has been true since long before Marcus Annaeus Seneca said, “To keep oneself safe does not mean to bury oneself.” He died in 54 AD.
Just don’t forget that when you log onto Facebook, you are out in public.