Sometimes a password alone is not enough to prevent hackers from breaking into your Facebook account. A 44-year-old learned that the hard way recently when someone hijacked his page to publish inflammatory abuse.
It appeared the Turkish-speaker was publicly vilifying the victims of a terrorist attack in Turkey. The result was thousands of protesting messages to him from other users, many enraged and threatening.
Police in Germany say they are satisfied he did not write the abusive remarks. They assigned the man his own security detail while they tried to work out how the hack happened.
To help make that kind of impersonation more difficult, Facebook offers security settings that go well beyond password protection.
Users can find them by clicking on the black inverted triangle in the upper right corner of the page, and then on Settings. In the Security setting there are two options from which to choose – Login Alerts and Login Approvals.
With alerts, you will get an alert when anyone logs into your account from any unrecognized device or browser. That means there is still time to secure the account and set a new password to shut out the impersonator.
Take time to think up a good password. It should have at least eight characters and include upper and lower-case letters, numbers and special characters, recommends the German Office for Information Security BSI, a government anti-hacker lab.
Names of family members, pets and friends as well as birthdates are easy for anyone well motivated to guess, so don’t use them. With Login Approvals, a second security level is activated to add even more protection.
If this is activated, users can only log in from novel smartphones or computers after entering an additional security code that is generated on the fly. It will usually be sent to a pre-determined smartphone via a text message, an insuperable obstacle for a hacker.
The security settings also show users which devices are currently actively logged into Facebook. Users can end any of those sessions. This way users who forget to log out from a borrowed device can do so later, or of course kick out any undesired users they discover.