Sunday, September 30, 2018

Changing Your Facebook Password--The Facebook Breach

On Tuesday we learned that Facebook had suffered a breach that affected about 50 million users, people who used the "View as" feature on the platform. Actually, Facebook logged 90 million users out of their Facebook page 'out of an abundance of caution.' For more detail, read this post from TechCrunch.

A critical thing to understand is that this potential theft of a user's login data affects all sites the user has logged into using her Facebook user name and password. In the interest of protecting yourself, set up a separate password for each site--DO NOT USE FACEBOOK or any other platform's login data. Too much trouble? Read my post on using a password manager. A password manager makes that easy to do and gives additional benefits.

Changing My Facebook Password 


I rarely use Facebook but I've had an account for years, so I decided to change my password, partly at the prompting of my password manager. Here are things I learned along the way.





















The first time I signed into my password manager, which is pinned to my Start menu, I saw the alert on the left--a quick warning about the breach. A couple of days later I got the more specific alert on the right telling me that 49 of my accounts had been compromised!

Does that mean that 49 of my accounts had been breached? No, it means that 49 of my accounts used elements of my Facebook password. I admitted to lazy password habits in the password manager post and I haven't bothered to change many of them. This time I decided I would at least change my Facebook and bank passwords.

Changing my Facebook password was easy. Using my password manager, a 'create a secure password' box pops up each time I change a password. It creates a 12-digit password composed of upper case and lower case letters, numbers and special characters. It is virtually unhackable and equally impossible to remember! Your password manager will use it to sign you in automatically, so you don't need to remember it--thank goodness!

Changing My Bank Password


Ok, so now I have a safe Facebook password--on to my bank. I followed the same process and the site refused my password. I didn't understand, so I tried again with the same result (yes, I know the popular definition of insanity!). The second time I read carefully and understood that it was rejecting the special characters in the strong password created by the password manager.

Then I actually read the bank's password rules. The rules did not require a combination of upper case and lower case letters and they did not require special characters, both requirements of many sites. I created a new password using its rules. I'm confident that it is not as strong but it's so silly that I wonder if a human hacker could crack it. But what about a sophisticated tech hack?

I used their contact form and asked to speak to a rep knowledgeable about their password system. If I have an interesting response, I'll write about it at a future date.

The Take-Aways


I'll repeat the advice that is all over the web and add two more that aren't repeated as often but are equally important.

  1. Change your Facebook password.
  2. Change the password on every site you have, or even think you have, logged into with Facebook. 
  3. Use a unique password for each site with which you set up an account. Never log onto a site using your credentials from another platform. 
Stay Safe!

Related Updates!
Facebook use of 2-factor authentication, mobile numbers 

