Facebook Safety Rules (2FA, Facebook Containers and other settings)

Please add 2FA to your FB/Instagram accounts. It will prevent 80% of account hacks and lost accounts.

Most account locks/bans are the result of hacked accounts and/or paranoid FB policies that attempt to prevent such hacks.

When you add 2FA, FB marks your account as "less risky" on one side, and on the other 2FA makes hacks significantly more difficult for attackers. For example, you can use a VPN and switch IP addresses without a temporary account lock; in the worst case, FB will force you to log in using 2FA.

When configuring 2FA, do at least three things:

  • Primary 2FA method: configure TOTP using Google Authenticator or similar application (I use Aegis because it allows backups of 2FA tokens)

  • Secondary 2FA method: print/save 2FA backup codes in case you do not have access to the Authenticator app

  • Backup 2FA token or QR code (in case you need to restore the Authenticator app)

  • Backup all your tokens from the TOTP app (that's why you should use Aegis: Google Authenticator allows backups to a Google Account, but not locally on the smartphone or on a PC)

Optional:

  • configure the Authenticator app with the FB token on another device (in case you do not have access to your main smartphone)

  • configure an additional 2FA method using SMS (I personally would not recommend this, but for many it will be an easy secondary 2FA method).

  • Configure an additional 2FA method using a YubiKey hardware token or similar device

DON'T use SMS to a cell phone number as 2FA! It is unsafe, and your chances of losing your account could be even higher than without it. SMS can be "hijacked", your SIM card can be "hijacked" by bribing a low-paid employee of your mobile operator, and if you change your phone number and forget to update the accounts linked to it, you lose access to your account forever. You may not have your phone handy, or you may not have mobile coverage in some areas (or the SMS is not delivered because you are roaming), and this will prevent you from accessing your account.
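To make the backup advice above concrete: the QR code shown during TOTP setup is just an otpauth:// URI, and its secret field is the entire secret, so backing up that URI (or the base32 string in it) is what lets you regenerate codes on any device. The script below is an added example, not code from the original post or from Facebook/Meta; it parses a constructed setup URI and derives RFC 6238 codes from it (the secret is the RFC test secret, not a real account's).

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import parse_qs, unquote, urlparse

# Constructed sample of the URI encoded in a TOTP setup QR code.
# The secret is the RFC 6238 test secret ("12345678901234567890" in base32).
SAMPLE_URI = ("otpauth://totp/Facebook:alice%40example.com"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Facebook&digits=6&period=30")


def parse_otpauth(uri):
    """Extract the fields an authenticator app stores from a setup QR code."""
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc != "totp":
        raise ValueError("not a TOTP otpauth URI")
    q = parse_qs(u.query)
    return {
        "label": unquote(u.path.lstrip("/")),
        "secret": q["secret"][0].upper(),          # this string IS the backup
        "digits": int(q.get("digits", ["6"])[0]),
        "period": int(q.get("period", ["30"])[0]),
    }


def totp(secret_b32, for_time, digits=6, period=30):
    """RFC 6238: HMAC-SHA1 over the time-step counter, then dynamic truncation."""
    # Re-add base32 padding; exports often strip the trailing '='.
    key = base64.b32decode(secret_b32 + "=" * (-len(secret_b32) % 8))
    counter = int(for_time) // period
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def verify(secret_b32, code, now=None, digits=6, period=30, window=1):
    """Accept the current code or one from +/- `window` steps (clock drift)."""
    now = time.time() if now is None else now
    return any(
        hmac.compare_digest(totp(secret_b32, now + s * period, digits, period), code)
        for s in range(-window, window + 1)
    )


if __name__ == "__main__":
    cfg = parse_otpauth(SAMPLE_URI)
    print(cfg["label"], totp(cfg["secret"], time.time(), cfg["digits"], cfg["period"]))
```

Anyone holding the secret string can compute the same codes, which is why a backup of it must be stored as carefully as the backup codes themselves.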


After you implement these steps you will forget about account locks/bans that are the result of account security issues. Obviously, bans that result from real or imagined TOS violations cannot be prevented by these steps.

Another attack vector on an FB account is the stolen session/cookie attack (or something similar).

To prevent this on a PC... well, nothing will help if you have a keylogger/trojan/virus on the PC. Don't blame Facebook/Meta for that.

You can significantly reduce the possibility of a stolen session/cookie attack if you use the Firefox "Facebook Container" extension (facebook.com and messenger.com run in an isolated container with their own cookies and storage) or log in to Facebook/Messenger/Instagram from a separate browser that is used only for Facebook sites.

Additional measures:

- use an offline password manager to store your passwords (I personally recommend KeePass). You will need to remember only one password and not hundreds. FB and other services do not like frequent password reminder/reset requests

- make your FB friends list private. Nobody except you should have access to this list.
Go to https://www.facebook.com/settings/?tab=how_people_find_and_contact_you and change the corresponding setting

- exclude your FB profile from search engines. Go to the same link https://www.facebook.com/settings/?tab=how_people_find_and_contact_you and turn it off

- at the same link, turn "Who can Facebook suggest your profile to based on your phone number or email address?" off

- change your default audience to Friends here https://www.facebook.com/settings/bundled/
Select "Custom", click "Next", and on the next page set the following:
Who can see your future posts/stories/reels: Friends
Who can comment on your public posts: Friends
Who can see your public profile info: Friends
Do you want search engines outside of Facebook to link to your profile?: No

Last one: do not link your Facebook and Instagram accounts. Keep them separate, with different email addresses and, if possible, different phone numbers. I am not sure that it is possible to "unlink" these accounts (I never linked them), but if it is, split them. If one of these accounts is hacked, it will not cause the lock/suspension/hack of the other account.


See also

https://www.reddit.com/r/facebook/comments/1ef04ix/please_add_2fa_to_your_fbinstagram_accounts_it
