What you may not realize is you could be giving your information out to all your friends (or friends of friends) on Facebook just by sharing or commenting on a status which may lead to an account compromise, email take over, or maybe even unauthorized access to your banking account.
What? No way.
Yes way. Let's take a look at what I could find just recently on Facebook, for example.
After a quick look around, this looks like a winner: a copy and paste status which asks friends to share their place of birth. Which is cool! I don't really know where my friends are born off the top of my head so it could be a neat opportunity to learn more about them right?
Sure. But here's the thing, I'm not actually friends with all the commenters to the left but I can still see their comments. Thank you to how Facebook's privacy settings work.
No big deal right?
Well, think about this for a moment... Place of birth is one of the more common questions that is used by websites to help users reset their forgotten passwords...
But Kai! My Facebook is private everywhere else! So what if you can see it through a mutual friend?
Do you know who your friends are friends with? Are you sure they are all real people with no ill intentions or fake accounts just looking for this kind of information? Because I honestly doubt it.
Okay, so maybe you need multiple secret questions. Like, perhaps a Mother's Maiden name or a high school mascot? No way you could find all that information on one person right?
But wait, there's more! With some more snooping, we find a where green went to high school. And after quick google search, I then was able to find green's high school's mascot.
But those are known, insecure questions! They're not used anymore!
Okay, fair. Those kinds of secret questions are so 2000s. So let's take a look at something more recent.
Okay, I didn't really dig. I literally found the question posted up by a friend while I was researching for this blog entry. Any of these answers could be the answer to someone's secret question "What is your favorite movie?" found above.
But why stop there? There's a whole list of movies publicly available to Friend's of Friend's on person 'pastel red''s profile!
Get what I'm getting at yet?
OH NO! THE HORROR! THE HORROR!
Okay, relax. It's not as terrible as it sounds. While you don't know everyone of your friend's friends, it is also likely they aren't gunning after you (security through obscurity, one might say). But there are things you can (and should) do to protect yourself and your information.
- Protect your private information - Exactly as it sounds. Go through your social media profiles, make that secret information private to only you or only you and your friends (not friends of friends, and definitely not public).
- Google Yourself - No really, do it. And do it on a regular basis. Search your common usernames, aliases, etc. You might be surprised what you find is publicly available.
- Be careful what you post - Twitter, Facebook, Tumblr, Reddit, etc... These are all hot sites for hackers looking for your information. Think twice, consider what you really want out there.
- Be careful what you pick as private - If you pick a 'secret question' like "What's your Favorite Book", you better make sure you don't have "Harry Potter is my favorite book in the universe!" posted somewhere where anyone could see it. If you wanna talk about it, it's probably not a good candidate for keeping it 'private'.
- Use Two-Factor Authentication - Two-factor authentication adds another layer of security to your profile. If you need to access your profile, it'll require at least two of the following: something you know (like a password), something you have (like a token or randomly generated code), or something you are (like a fingerprint or retina scan). Seem cumbersome? Well, guess what, if those hackers figure out how to reset your password (something you know) they'll be SoL when it comes to the second factor of authentication (something you have/are) because they simply won't have it. This protects your stuff from unauthorized access and might also alert you if someone is trying to mess with your account. Many websites/ web email/ banking institutions/ etc. offer this kind of authentication nowadays and it can be as simple as receiving a generated code via text. For example, you can set this up on Facebook under the "Security" tab under Settings right now!
A huge part of keeping your information safe is just using some common sense. Be mindful of what and where you post your information. And if you see your friend's posting their information everywhere, maybe give them a nudge and let them know what the consequences could be. And always remember that keeping safe on the internet is a constantly changing task that everyone should be aware of.