Facebook is a very popular social networking site, used by over 1 billion people around the world. As with any online activity, you are vulnerable to all types of attacks, such as social engineering and phishing, that aim to obtain your information. Thankfully, Facebook and other social networking sites have improved their security features to prevent these types of attacks from happening.
One feature is the Code Generator, which generates a random code on your mobile phone that is only valid for 30 seconds, even when you’re not connected to the Internet. These login codes can also be sent to you via text message. This feature will block attackers even if they have your username and password, because the correct login code is required before your session is authenticated. There is a downside: once a session is validated, the device is stored as a “safe” device, meaning that it will no longer be prompted for the login code. So this feature does not help you if your laptop is stolen and your browser remembers your login credentials.
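How a 30-second code can be produced offline, as an added example that is not Facebook's code: it assumes a standard time-based one-time password (TOTP, RFC 6238) scheme, which the article does not confirm, and the key, code length and function names are illustrative. The phone and the server share a secret and each derive the code from the current 30-second time step, so no network connection is needed.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30  # validity window stated in the article
DIGITS = 6         # assumed code length
DEMO_SECRET = b"12345678901234567890"  # constructed sample key (RFC 6238 test key)


def totp(secret: bytes, unix_time: int) -> str:
    """Derive the login code for the 30-second step containing unix_time."""
    counter = unix_time // STEP_SECONDS
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret: bytes, submitted: str, unix_time: int, drift_steps: int = 0) -> bool:
    """Server-side check: accept only codes for the current step, plus
    drift_steps neighbouring steps to tolerate phone clock skew."""
    ok = False
    for delta in range(-drift_steps, drift_steps + 1):
        t = unix_time + delta * STEP_SECONDS
        if t < 0:
            continue
        expected = totp(secret, t).encode()
        # Constant-time comparison avoids leaking how many digits matched.
        ok |= hmac.compare_digest(expected, submitted.encode())
    return ok


if __name__ == "__main__":
    code = totp(DEMO_SECRET, 59)
    print("code at t=59s:", code)
    print("accepted at t=59s:", verify(DEMO_SECRET, code, 59))
    print("accepted at t=60s:", verify(DEMO_SECRET, code, 60))
    print("accepted at t=60s with 1 step drift:", verify(DEMO_SECRET, code, 60, 1))
```

A code captured by a phishing page stops working once its time step (and any allowed drift) has passed, but this check does nothing for a device that has already been marked “safe”.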
A security feature available on many online accounts is the ability to set a secondary email address, along with security questions, to verify your identity. Having this second email address is convenient because even if your primary email is compromised, you can still reset your password using your secondary email. Security questions go the extra step in that they give you an extra sense of security. Even this has a downside, however, because many unsuspecting users have cookies and data caching enabled in their browsers. Data entered into specific input fields on a webpage is often saved and can be easily recovered by an attacker. The best practice to avoid this is to clear your cache, cookies and history upon closing your browser.
Facebook also has auditing features that allow the account owner to see where their account is currently logged in from. If there is an “active session” that you are not aware of, for example someone logged into your Facebook account in another country, you have the ability to end this session. In addition, you can add Trusted Contacts, which are essentially people you can reach out to if you need help getting into your Facebook account. You can choose 3 to 5 friends to be “Trusted Contacts” in the event that you forget your password and cannot get to your email account to reset it.
Having proper net etiquette is a good way to avoid having your social media or any other online account compromised. Other than phishing and social engineering attacks, many attackers have other tricks up their sleeves, such as wireless network monitoring, which entails “sniffing” or capturing wireless data over the air. With proper net etiquette, you are aware that any data is essentially unencrypted, especially when attackers are monitoring you.
Follow this link for more on Facebook Security.