Protect yourself from Facejacking

Rik Ferguson, director security research and communications EMEA, Trend Micro

It’s sometimes difficult to believe, but our social networking accounts have become, in many cases, a part of our lives which we entrust with a wealth of sensitive information and personal correspondence. Social media is rapidly overtaking email and instant messaging as the preferred communication medium of a generation; our personal and professional lives coexist within a single inbox that holds, in some cases, not just our messages but also our more frivolous chats.

I still vividly remember the day when I discovered that my brother had found and read my diary; he marked a star on every page where I had called my girlfriend so he could tell mum how long I had spent on the phone. My anger at the violation of a place to which I had committed my deepest teenage angst was of course incandescent, not to mention I got a phone ban… (I still have the diary, so there’ll be no denying this story, bro).

Anyway, as you can tell, the anger still simmers. It led me to consider today that not only is the social network replacing email and instant messaging, in many ways it is also replacing our diaries or journals. My own Facebook represents a much more complete log of my thoughts and activities than I ever managed to commit to a diary (Samuel Pepys I was not) and I am sure that the more committed Facebookers out there post a lot more often than I.

So, what am I here to tell you? How to put the strongest possible lock on your Web 2.0 diary, keep out prying eyes and avoid whatever kinds of bans parents are dishing out these days.

Facebook have built in some great features to stop even a person who has your password from accessing your account. This stuff isn’t new; it’s just underused and under-publicised. If you regularly log in from the same device or devices, you can train Facebook to recognise those machines. You can ensure that, if someone tries to log in from an unrecognised device, you are notified immediately (if you’re logged in). You can even make that person enter a code that will be sent as an SMS to your registered mobile phone. So unless the snooper has direct access to your personal computer or your mobile phone, they won’t be facejacking (or the less salubrious term, fraping) you, and if they do have that kind of access, well, your problems might be bigger than just Facebook.

So here’s how:

1 – Log into Facebook and in the top right drop-down Account menu select “Account Settings”.

2 – In the Settings screen that appears, click the Edit link next to “Account Security”.

Make the following changes:

a – Tick the box to enable secure browsing. This will ensure that your communication with Facebook is always encrypted where possible and guard against password-stealing tools like Firesheep.

b – Under Login notifications, select whether you would like an email or SMS notification when an unrecognised device tries to access your account.

c – Under Login approvals, tick the box to have a security code sent to your mobile device, and you’re all set. Even if someone knows your password, they still won’t be able to log in without the security code.

This blog post was originally published at
