Facebook Security

Secure your Facebook Account with Two Easy Steps

Step 1. Enable Two Factor Authentication via an anonymous Security App.

Enabling two factor authentication (2FA) is one of the best ways to secure your account. Facebook provides two methods.

  1. SMS via your phone – requires service
  2. App based codes via your phone (or tablet) – this does not require an active data connection

If you’re not a fan of Facebook knowing your phone number and don’t want to enable two factor authentication using that method, then you’re in luck! Simply go to the two factor settings page and select “add an app”.

Facebook 2 Factor Settings

You can download the Google Authenticator application to your phone and enable it using the steps provided on Facebook’s page. This code generator is 100% anonymous and based on an open standard, the “Time-based One-Time Password” (TOTP) algorithm.

Once enabled, anyone who attempts to log in to your account with the correct password will also be required to enter a generated number. This number changes every 30 seconds. Facebook will generally ask you for the 2FA code when you attempt to sign in from an unknown computer or device.

Step 2. Remove Those Old Apps

If you’ve ever been a “victim” of spam posts, it’s likely an old rogue app posting on your behalf and tagging your friends.

You’ve probably added a lot of apps in your lifetime. Some may be dead, and some may be harvesting your data as you sleep. Head on over to the applications and websites settings and you’ll be able to see them all.

Just review and edit the ones you think you no longer use. You can remove them outright by checking the box and clicking “Remove.”

You can also use this to report bad apps that you may have.

Hopefully this helps you out.

Linux Randomness Security

You Want Us To Be Secure…

But you make it so complicated.

From a technical standpoint, I understand how simple it is to create certificates for SSL/TLS and put them into configs and use ’em.

From a user standpoint, I cannot understand the who/what/when/where/why of the whole security industry being so damn complicated.

So many SSL providers out there offer you packages from FREE to thousands of dollars and for what? It’s just encryption. It’s just a browser asking “Hey, is this certificate valid still?”

So many providers also make it hard to just register. You’ve gotta jump through hoops and do crazy things like create a CSR and upload it when they could just have a simple, secure (irony) web form to let you generate one on the spot. Sending documents back and forth to “verify” your identity.

Seriously, I just want some encryption.

I also like the “we need to verify you’re the owner” processes… so many loopholes.

There’s a huge opening in this industry for someone who wants to make this whole process simple and easy (and cheaper). Just sayin’.


Don’t Allow Facebook Apps to Get Your Email

Just say no to these prompts. There’s no reason a Facebook application needs to email you directly, bypassing the “safe” realm of what Facebook already offers.

Applications that need to contact you can already do so via your inbox, application counters, and emailing you via Facebook’s email proxy. (A proxy which protects you from the malicious behaviour I’m about to describe…) There is just absolutely no reason that Mindjolt (no offense guys, you were the first that I saw using this and the rant below is not directed at you) needs to email me anything, ever…


Google’s Security Updates…

Google seems to be rolling out an interesting pack of security updates for their sites.  The only official announcement I’ve seen is for Gmail, but I’d expect this to come for many other services.

Currently a lot of Google services work fine with https (Docs, Calendar), but none seem to offer the same default options that Gmail has. Hopefully that will change soon.

Coincidentally, it may just have something to do with this recent announcement from their Chief Legal Eagle.


Don’t Trust Facebook’s Photo Privacy At All

You constantly hear about things happening to people because of things on Facebook. Mostly pictures and how certain people who probably shouldn’t be able to see them somehow managed to see them.

And it goes sort of like this. I have a photo album called ‘Pets’ on Facebook. This album has the privacy setting “Friends Only” and, as you will see if you click the link to the album, a few things will happen depending on who you are and whether or not you are logged in to Facebook…


GeoLocation Technology is Frightening Me.

Firefox 3.5 added support for “My Location”; Google Maps added a feature “Show My Location.”

One random day I thought I’d try it out and see how well it does. I’m only using a laptop with no real GPS technology built in.  I have a phone, but it doesn’t support anything fancy. It’s just a phone.

When I first clicked the “Show My Location” circle on Google Maps, Firefox was kind enough to ask me if it was OK for Google to know this. I said yes, because I wanted to know. To my surprise, awe, and WTF? It had my location closer than I could have ever imagined.