
Facebook’s latest account breach: see it as a reminder to update your security


Facebook’s announcement yesterday of yet another security breach, which potentially affects more than 50 million users, is another warning — the umpteenth — of the importance of good security practices. Some people might say that their Facebook account is not especially critical or important, but it is. Even if you do not use Facebook regularly, you may use your login details on other networks, while the information accumulated in your Facebook account, even if you haven’t used it for some time, could be used for identity theft.

In short, Facebook’s security has been compromised and it’s possible someone could log in to your account without your consent, even if they don’t have your password, so let it serve as a reminder to update your security practices. The criminals who breached Facebook’s security haven’t been able to access anybody’s password, but instead the access tokens, the small files our browsers use to keep us logged on to the site. If you’ve received an unusual notice from Facebook since Friday asking you to log in with your username and password, you may be affected.

What do we need to know about security nowadays? To start with, don’t use the same password on more than one site. Better still, forget your passwords and use instead a password manager like LastPass or 1Password, which assigns a password where needed that’s impossible to remember and changes it to another that’s equally impossible to remember if you have a security problem or suspect you might. Whether you’re responsible for your own security or security is part of your job, you should consider that traditional security practices, even if they include periodic password changes, are outdated and dangerous, and that password managers are the way forward.

What to do in the context of Facebook’s breach? Start using a password manager, and change the password you had on the social network and, if you had them as independent logins, on services like Instagram or WhatsApp. Once you’ve changed those three, make a round of all the sites you use regularly and replace all the mnemonic passwords your password manager identifies. Do so in an orderly, organized way, site by site, providing the manager not only with the name of the service but also with the login page, so that it’s easy for you to change those passwords for others later. In addition, activate double-factor security: the hassle is relatively small, an SMS on your smartphone every time you log in from a different device, but it will provide you with a good dose of peace of mind. If you want an even higher level of security, you can opt for a physical device, such as those used by Google employees — now available to everyone — or the popular YubiKey from Yubico.

Our digital possessions, whatever they may be, require locks and security systems that reflect the times we live in. Fortunately, security is increasingly convenient and easy to use by non-experts: using a password manager or a hardware key is absolutely within anybody’s reach, and should not be seen as something that complicates our lives, but instead as a simple procedure that makes it difficult for people to violate our security. If you have not already upgraded your security, let this latest breach be a reminder to do so as soon as possible.