There’s a hidden danger lurking on Facebook.   Something simple and fun that surely couldn’t possibly be dangerous?    I’ll also bet that a lot of people reading this article have probably fallen for it too!

Before I reveal what this threat actually is, I’m going to give you a bit of a refresher on passwords and how to remain secure online.    Unfortunately, passwords are a necessary evil these days, with many websites using them to remember who you are.   Online stores, social media sites, government websites, streaming websites all require a login and some form of password.

Your username and password are a key to a lock and should be treated the same. Keep them safe and secure as you’ll need them at some point and you don’t want someone to steal them. And stealing passwords is big business now. Organised criminals have moved on from the old days of racketeering and are now using the Internet to make money. If they can steal your password, they can potentially steal your hard-earned money! By 2019, online crime is predicted to reach $2 Trillion!!

So what can you do to protect your passwords? Firstly, one of the most obvious is to keep them safe. If you write them down to remember them, maybe always write them down in reverse? Or keep your password book in a safe? I remember reading about a gentleman in Glasgow, Scotland, who went in to complain that he could no longer use the ABM outside since they re-painted the front of the bank. Turns out he’d scribbled his PIN on the bank wall and it’d been covered over! Sigh….

Next is password complexity. It’s frustrating, isn’t it, when you have to come up with a new password 8 letters or more, upper case, lower case, symbols, etc. There’s a reason for this – and it’s called “Brute Force Attacks”. Gone are the days where you could just use a word for a password. This is because hackers soon figured out they could just use a dictionary to guess your password. A computer can try different passwords a lot quicker than you can – it can go through the dictionary in seconds trying every word to see if it matches. By using upper case and symbols, it’s a lot harder for a computer to guess your password.
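To put rough numbers on that, here is an added example (not part of the original article): a small Python check that flags passwords built on a dictionary word and estimates how long trying every combination would take for the rest. The tiny word list, the guess rate of 10 billion per second and all function names are assumptions made for illustration.

```python
import string

# Constructed sample word list; a real audit would load a large dictionary file.
WORDS = {"password", "dragon", "sunshine", "football", "monkey"}
GUESSES_PER_SECOND = 10_000_000_000  # assumed guessing speed, illustration only
LEET = str.maketrans("@0134$5", "aoieass")  # undo common letter swaps
POOLS = (string.ascii_lowercase, string.ascii_uppercase,
         string.digits, string.punctuation)
SECONDS_PER_YEAR = 3600 * 24 * 365


def alphabet_size(pw):
    """Size of the character pool an exhaustive search must cover (ASCII only)."""
    return sum(len(pool) for pool in POOLS if any(c in pool for c in pw))


def is_dictionary_based(pw):
    """True if pw is a listed word once case, letter swaps and a trailing
    run of digits or symbols are undone (e.g. 'P@ssw0rd1!' -> 'password')."""
    core = pw.lower().rstrip(string.digits + string.punctuation)
    return core in WORDS or core.translate(LEET) in WORDS


def seconds_to_exhaust(pw):
    """Worst-case time to try every password of this length and pool."""
    return alphabet_size(pw) ** len(pw) / GUESSES_PER_SECOND


def audit(pw):
    """Classify a candidate password; dictionary checks come first because
    a word-based password falls long before an exhaustive search finishes."""
    if is_dictionary_based(pw):
        return "weak: dictionary word with simple changes"
    if len(pw) < 8:
        return "weak: shorter than 8 characters"
    if seconds_to_exhaust(pw) < SECONDS_PER_YEAR:
        return "weak: brute force under a year"
    return "ok"


if __name__ == "__main__":
    for candidate in ("Sunshine2019", "P@ssw0rd1!", "abcdefgh", "tR7#qLm2!xVz"):
        print(f"{candidate:14} {audit(candidate)}")
```
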

It also helps to use a different password for every website.   After all, if a hacker can guess a password, if you use it everywhere, they can now use it everywhere!   There are tools to make this easier, such as 1Password and LastPass.   These integrate with your web browser to remember passwords for you.   They’ll automatically generate a unique password for every site and you never even have to know what they are.   You have one password to remember and they handle the rest.

A fairly new technique for improving security is called “Two Factor Authentication”. This uses a combination of ways to make sure you’re who you say you are. The most common form of Two Factor is to use a cell phone. Every time you try to log into a site using Two Factor, they’ll send a code to your cell phone. You’ll need to enter this code, along with your password, to gain access to the site. This way if someone managed to guess or steal your password, they can’t log in to the site without having access to your phone. Much more secure!

But what happens if you forget a password? All sites need to have some way for you to reset your password in case you forget it. Sometimes they’ll send you an email with a link to click on; however, this only works if you still have access to your email. Perhaps you’ve cancelled your account because you’ve changed providers? Or maybe you’ve forgotten the password to your mail account – catch-22!

Another common tactic is to ask you a series of personal questions.   Questions only you’d know the answer to, such as “what was your first car”?   Maybe, what’s your date of birth?

Well, this brings me back to the start and that hidden danger on Facebook. Ever seen one of those posts – “What was your first car – comment below”. Or maybe “Take your day, month, year of birth and use the table below to make your Elf name!”?

They seem so simple and fun – what’s the harm in commenting on a fun post like this? Well, comment on enough of these posts and a hacker can now easily go in and reset your password!

It’s the same with fake Facebook profiles. Someone will set up a new account and use your public profile picture to fool your friends into “friending” this new profile. The hacker will then have access to your friends’ profiles and personal information, and can use this against them. You can easily guard against this by going into your Facebook privacy settings and making your “Friends List” private. That way, if a hacker imitates your profile – they can’t target your friends with new Friend Requests.

So until next time, keep your passwords secure and don’t fall for these Facebook scams!