I originally posted this to Facebook for my friends, but I figured it’d be worth sharing here too!
One of my Facebook friends' accounts was hacked. The hacker used that information to make a copy of my profile that is totally fake. They used my picture and name because my friends have access to this information. You can tell it’s a fake account because it says it was created in Nigeria and it was created very recently before the chat starts. Not sure which one of you guys it was, but I’d like to use this opportunity to talk to you all about privacy and security.
If you want to harden your security and protect your privacy, I AM SUPER HAPPY TO HELP OUT! Please reach out to me on Discord and I can help you make your digital life more secure.
Never use the same password at two different websites. If you reuse one and it gets compromised on one website, any bad actor can try to log in as you with that email and password on every other website. You can check whether your login and password have been compromised anywhere at https://haveibeenpwned.com/. If they have, you really need to change your password. If you sense something fishy going on, change your password and tell the app you’re using to log out all of your devices!
Use a password manager. It’s really not that hard to set up. It integrates with your browser (all of them, but I highly recommend Firefox for privacy and security reasons) and your phone (both iPhone and Android), and it will help you set strong passwords that are different for every app you use. You don’t even need to know the actual passwords; you just need to know your “one password” to unlock your password manager and it’ll fill out your password on every site for you. I can honestly say I don’t know my password to any website anymore; they all look something like this: “PwgiqvfFF@TQU88^j”. When Facebook asks me to log in, I just click the passwords button in iOS and my phone does Face ID and then puts the password in for me. I barely even type passwords at all anymore because everything is so simple, and I’m way more secure because of this. I use a self-hosted copy of Bitwarden, but for something simple I recommend https://lastpass.com or https://1password.com.
Use Two Factor Auth (or 2FA). Most good websites allow you to set up 2FA now, and it adds an extra layer of security to your accounts. 2FA is more of a pain than a password manager, but it makes your accounts WAY more secure. A password is something “you know”; 2FA makes it so that in addition to “knowing” the password, you have to be in possession of a device that generates a code for a login attempt to work. https://www.tofuauth.com/ is a great open source 2FA solution, but https://authy.com/ is also great and easy to set up.
If you don’t think your privacy matters, watch this TED talk:
Learn more about privacy and security with these resources:
Feel free to share this wherever; I’m happy to help people get this stuff set up themselves!