Even though what happened in Facebook’s recent password bungle was likely more an “oversight” than a hacking invasion, experts recommend that consumers double down to protect their accounts and their personal data when using the platform.
Tech security gurus at the International Institute of Cyber Security told ConsumerAffairs there are two recommended steps to enhance online protection.
The first recommendation is straightforward enough -- change your Facebook password. The second one will take a little effort but could have a huge payoff on securing your account. It’s called two-factor authentication.
The process is basically an authentication method where a computer user is allowed access to a site or an app only after successfully presenting two or more pieces of evidence to an authentication widget.
In Facebook’s case, you can use a text-message code sent to your mobile phone or you can use a login code from a third-party authentication app approved by Facebook.
The steps to take
To employ two-step authentication on your Facebook account, here are the steps it recommends:
Go to your Security and Login Settings by clicking the down-arrow in the top-right corner of Facebook and clicking Settings > Security and Login.
Scroll down to Use two-factor authentication and click Edit.
Choose the authentication method you want to add and follow the on-screen instructions.
Click Enable once you've selected and turned on an authentication method.
The pluses and minuses of two-factor authentication
Two-factor authentication has grown into a critical-level nudge from both government agencies such as the Internal Revenue Service and large portals like Yahoo. Given the multitude of devices consumers have, taking the time to put the process into play may be a hassle, but it’s considered a win-win for both the user and the platform.
“Think of it as an extra layer of security … that keeps your account secure even if somebody gets your password,” commented Apple in a two-step authentication how-to video.
However, at least one tech researcher says to proceed cautiously.
“Before you require a second factor to log in to your accounts, you should understand the risks, have a recovery plan for when you lose your second factor(s), and know the tricks attackers may use to defeat two-factor authentication,” wrote authentication technology specialist Stuart Schechter.
Schechter says there are two predominant risks that might make even the most rational, safety-conscious user proceed with caution before flipping the switch on two-factor authentication.
1. You could lose access to your account
“If attackers cannot use a password alone to access your account without your second factor, you won’t be able to either. You may be unable to recover your second factor if your security key, or the phone with your authenticator app, is lost, stolen, or broken. If your phone is out of battery, left at home, or lent to someone else, you may lose access for hours or days,” Schechter said.
2. Confidence in two-factor authentication could make you careless
“People behave less safely when they believe they are being kept safe by others: drivers who wouldn’t choose to wear seat-belts drive faster if forced to wear them and computer users who run anti-virus software are more likely to install risky software,” Schechter continued.
“If you believe that turning on two-factor authentication is a fool-proof way to protect your accounts, you may be more willing to log in from a computer you don’t trust or more likely to risk installing software from an unknown or unfamiliar publisher,”