5 things that Facebook's security guru says every user should do to be safe online



Facebook has over 1.49 billion monthly active users, with people in the US spending a staggering 27 hours on the social networking site every month.

The company thinks that that kind of sky-high usage and engagement gives it certain responsibilities.




"Because people interact with Facebook so often, we're spending a lot of time thinking about how we can play a role in helping increase security literacy overall across the internet," Facebook security product manager Melissa Luu-Van tells Business Insider.

The company recently released a new "Security Check-up" feature for users and continues to try to find ways to get people thinking about security, Luu-Van says. In some emerging markets in particular, Facebook could be people's first on-ramp to the internet, through its Internet.org efforts.


"We want to help people develop that muscle memory and start thinking about security in a different way," she says. "Good security practices are important for all your accounts and services."

Luu-Van, who says that Facebook is trying to spread the gospel that good security is proactive versus reactive, outlined five principles that internet users should be thinking about whenever they sign up for a new internet service:


1. Always use good password practices

On the one hand, duh.

On the other, picking a strong, unique password sounds obvious, but people are notoriously pretty bad at it.

Although memorizing different passwords for all your accounts feels like a big hassle, having the same one for multiple accounts is needlessly dangerous.

Luu-Van says she recommends thinking of fairly long passwords that wouldn't be obvious to anyone but you, or using a password manager (here are a few options). So, no "password" as your password please.

2. Login approvals — also called two-factor authentication — is a must

"You should always add this extra layer of protection to your account," Luu-Van says.

Two-step verification is a way for websites to confirm that you are who you say you are when you try to log in, usually through a code that gets texted to you.

Here's how to set it up for Facebook, Google, Microsoft products, and more.

3. Know what sort of "permissions" you're giving apps

You're probably familiar with that box that shows up whenever you download a new app, asking you to give it access to parts of your phone or information on the account you're using to sign in with (for example, if you log in with your Facebook account). You should actually pay attention to it.

You should routinely check what you're giving different apps access to, deleting permissions for ones that you don't use anymore and making sure that you're comfortable with how your data is being taken, and by whom.

"We're hoping that people will become more accustomed with reviewing the information they share with apps," Luu-Van says.

4. Set up "trusted contacts" in case you do get locked out of your account

Instead of writing your password down somewhere so you don't forget it (since any physical or digital documentation could fall into the wrong hands!), you should set up a trusted contact who can help you if you're in a bind. Many services now allow you to set a back-up email or phone number to send special codes to that you can use if you're locked out. That contact doesn't actually get your password: Just a code to help you reset yours.

"Forgetting your password happens to the best of us, from time-to-time," Luu-Van says. "The bigger picture here is being really proactive about making sure that you can get back into your account in case something happens."

5. Make sure you have a legacy contact

This is the most morbid of Luu-Van's tips, but no less important than the other ones: You should make sure that there is someone ready to take care of your digital accounts when you die.

"This stuff is super important to consider, even if it's not something you want to be thinking about day-to-day," Luu-Van says. "Do you want someone to be able to access these things and manage them on your behalf? You need to set up a way for someone to take care of your affairs if something happens to you."

Learn how to set up your Facebook legacy contact — and see exactly what they can do — here.
