If you have been following the Facebook “hacks” that hit Pfizer and Unilever, you will know that those pages were updated by a group called the Script Kiddies to berate the corporations for, among other things, “being evil.” How these “hacks” were accomplished isn’t clear, but they seem to be based on the ability to guess the passwords of page administrators.
If you would rather not have to clean up after a security breach like this, you need to ensure that your Facebook access remains under control. Facebook has some effective secondary security tools that can help even if someone guesses or acquires your Facebook password.
Ensure that all page admins follow these guidelines; it only takes one lax page admin to ruin the party. All settings described here are under Facebook’s Account > Security settings. They are ranked in order of importance.
If any mobile text alerts are chosen below, ensure that your mobile number is verified with Facebook.
1. Login approvals
This setting tells Facebook to send you a text message on your mobile phone when someone attempts to log in from a new “device” (e.g., a browser or computer). Any hackers trying to log on will not have access to your mobile text messages, so they won’t be able to log in (plus the text message will alert you that someone tried).
This system only triggers once per new device, so it is not intrusive and it provides an excellent second layer of security.
Our testing shows that not all text messages are delivered from Facebook. If you do not receive the code within a minute of requesting it, click on “I can’t get my code” and then “Resend”.
2. Login notifications
This setting will have Facebook alert you whenever a new computer or device is used to access your account. This alert is good if you don’t need the proactive security of Login Approvals but still want to be aware of account activity and have alternative actions available.
If Facebook detects unusual behavior, it will also alert you the next time you log in.
3. Recognized devices
This isn’t a setting – it is a place where you can see the devices you have enabled for your account and remove any you don’t need.
4. Secure browsing
If you work in unencrypted environments, such as public Wi-Fi areas, or you worry about packet sniffing, you can encrypt all communication with the Facebook servers. Not all Facebook Apps are enabled for secure communications, however, so Facebook will alert you when an App will put you into “normal” mode.
If you maintain pages for clients, you should definitely use both Login Approvals and Login Notifications. The slight inconvenience of enabling new devices is more than made up for by the knowledge that the Script Kiddies and their ilk won’t be able to hijack your pages.