Let’s talk about password security and Facebook privacy


Forget Google+ or the rise of LinkedIn: in the digital world, 2011 will be remembered as the year that online privacy was destroyed. Not only did prominent websites and networks get hacked, we also saw the transposition of the EU Cookie Directive into member states’ law books and the rise of hacking groups like Anonymous and Lulzsec.

So what about you and your business?  Do you have anything to worry about?  Unfortunately, yes.

Reusing the same password on multiple sites

I know, it is hard to remember all those different passwords and, to be honest, it’s just easier to use the same password for each account and login. But even if your password is over 20 characters long with a crazy combination of symbols, it really does not matter how difficult it is if you are using it across multiple sites.

Why? The risk here is not some brute force hacker trying to “hack” your PC but the websites you created accounts with. For example, if you use the same password on an insecure site and that site is compromised, hackers have enough information to try out those details on Gmail, PayPal, eBay, and other secure sites.

One of the best examples of this came in late 2010, when hackers gained access to the database of the hugely popular blog Gawker and released the email addresses and passwords for thousands of its users. So serious was this attack that several other sites, including LinkedIn, changed some of their users’ passwords in order to protect their privacy.

Writing on their blog, LinkedIn’s Vicente Silveira described what they did: “As we closely monitored the situation, we decided it was imperative to take preemptive action to help ensure that those leaked passwords were not being used to attack any LinkedIn members.

Here’s how we’ve taken steps to address this situation in the past 24 hours. We’ve identified a very small fraction of our members whose accounts could potentially be affected by the recent breach. If you were in the group of users who may have been at risk, you should have received an email with instructions to reset your password. Note, to make sure we have you covered, you will receive an email from us to each email you have on file. You only need to act on one of them.”

To stay protected online, try the following:

- Use unique passwords for important websites like e-mail, payment, and social sites.

- Change your password each month, or at least every three months.

- Don’t just register on each website that you fancy.

- Alternatively, use a different email address when subscribing to a website.

- Look at your browser’s address bar to make sure you are signing in to the real website.

Facebook and any other social networking site

There are certain things we want public on LinkedIn, Google+, Facebook, Twitter and others, but our email addresses and passwords are not amongst them. These sites make money by selling advertising space to companies based on the content you upload or comment on.

But what you might not know is that in-network apps use the same method to generate revenue.

Facebook App Authorisation request

Apps such as “Who fancies you”, “I look like this movie character” and “This person answered a question about you” are designed to capture information about you. Many of these are reputable, but you should still be conscious that using them allows them to access some of your personal social networking information. So, when you click on any of them, you are actually authorising them to look at your personal details and those of your friends, allowing them to create a personal marketing profile based on your preferences and even sell it to third parties.

In order to prevent this and to keep your personal details secure you should try the following:

Get rid of those apps in Facebook by going to Facebook’s Privacy Settings page:

- Account

- Privacy Settings

- Apps and Websites (Edit your settings)

- Apps you use (Edit settings)

- Remove all of the apps listed there

In general, don’t authorise apps to access your Facebook account if you are unsure of who created them. Don’t authorise applications just because someone else did. And remember, Facebook is not private: you will not be able to completely remove your chats, posts or anything else you put on it, and all information belongs to Facebook and not you.

These apps are available across several social networks, so it is recommended to get rid of any applications you don’t need or use.
