Have you created your security question yet for your Facebook account?
In case you did, then beware .. someone else can still hijack your account claiming to be you just by guessing the answer of your security question !!
What on earth? oh yeah, to understand this, first you need to be aware of a few facts:
- Security Question can be created only once on Facebook, you’ll never be able to change it or even update your answer later !
- Facebook gives you the opportunity to recover your account if you believe your account has been compromised by another person or a virus, just report your compromised account.
- If you used that reporting procedure and you already lost your password (changed by the hijacker), then Facebook will show your previously chosen security question, and if you did answer correctly, then you will be able to enter “new” e-mail address and “new” password and your account will be locked for 24 hours.
- Facebook will send an e-mail with password change notification to all e-mail addresses associated with your account (including the new one you just entered), that notification will have a safety link to rollback the whole recovery process in case it was in fact a phishing scam.
Seems fine, is it not ?
Well .. what if you chose an easy security question with an easier answer, something could be guessed by one of your acquaintances, who else is likely to know who your first grade teacher was, or what street did you live on when you were 8 years old, or any of the other choices provided by Facebook?
They do not even give you the option to enter your own security question !
Combine that fact with bad luck .. like someone have successfully guessed your security answer while you were doing camping in the desert for 3 whole days with no phone signal or internet connection available !
Or you were sick at the hospital !
Or you just ignored your e-mail inbox for a while !!
Most likely, that person will successfully have your account pretending to be you, and Facebook can do nothing about it !
They gave you your 24 hours to catch the hijacker, remember ?!
How ironic .. those who did not create their security question, they won’t fall for this, because Facebook will ask them to either have access to one of the e-mail addresses associated with their compromised account (which is silly, sure the hijacker would change those), or they have to request some sort of verification from 3 of their friends (in case the hijacker did not “unfriend” them all), yet still this procedure is much harder for the hijacker from the first place, he had to have access to your e-mail too in order to use this procedure to steal you account !
If the hijacker holds deep feelings against you, your account could be lost forever just by blocking all your friends, changing all your e-mail addresses, starting to post shit in your name to your friends, or even delete your account !
No need to exaggerate, the point is: you still can recover your account from the hijacker because he also can not change your security answer !
All what you need to do is to keep an eye on your e-mail inbox at least once every 24 hours, so you won’t miss such an important password change notification, it holds your key to survive the hijacker ..
For that matter, I recommend you getting a Blackberry phone with internet access !
It’s the best way to get e-mail notifications while you walk around, and of course try to avoid desert camping !
If you did not yet create your security question, then it’s your lucky day ..
You need to create that indeed, just remember to type an answer off topic, something doesn’t related to the selected question !
Finally, some extra security might help in addition to your security question, have another look at your account security status ..