I have a Facebook account and have been playing with it with amazement. Can you imagine that you can share whatever you want with your friends over 0s and 1s? With a Facebook account, I can just tell the world that I have just come back from the vacation of a lifetime, and show the world what I meant by that. I can also tell the world how badly I was treated by my cable TV provider and urge everyone not to subscribe to them. And the best thing is, all this information is treated as a more trustworthy source than other websites out there that provide reviews, comments and so on.
Facebook is a creation that will influence this generation in everything: preferences, peer references, social movements, political views, buying habits, and everything around a person. To know a person, we just need to read his/her Facebook profile and voilà! Everything about this person is there: birth date, home town, work, and via all the status posts, you will know about political views, likes, dislikes, friendships, relationships, etc.
For this post, I will only touch on the surface of a topic that came to my attention today after I read this blog post.
The author stated that if you have a Facebook and a Gmail account, your Gmail account security is at risk, at least for now until Google fixes it. Just by reading your Facebook profile, one can easily guess the answer to the Password Hint question you have set for the account. This is because people normally set these questions to something they will not forget, and what is easier to remember than the things around them? Pet's name, car model, home town, etc.
My viewpoint is that as long as there is a password hint that people can set, this risk will occur, especially with Facebook going to make demographic information available to the public (well, in aggregate soon, and no personally identifiable information yet). We can kiss our privacy goodbye in days to come.
How can I combat this problem? Well, first by setting a password hint that is not available in public, something that only you will know and will not share with anyone else because the information is no longer valid or in use. For example, your first ever car, your first puppy love, your favorite subject in first grade, etc. That is still not good enough, as this information may accidentally leak via a comment or a status update.
The next step is to set a standard replacement character for certain letters in that name, for example, replace o with 0, that only you will know and won't forget. 5 - 7 replacements will do. Then replace those characters.
Enter those modified words as the password hint answers. This will greatly enhance the security of your password hint (and password too). However, this is not foolproof, and a determined hacker can still gain access to your account via other means, but it is good enough to stop a casual hacker.
The best way to combat this leak is not to have a Facebook account, but that is difficult. Not providing such information on Facebook is another means, but there will still be a chance of leaking. We are living in a transparent world today - let's accept it and practice caution when it comes to security.
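A small self-check for the steps above, added here as an illustration and not part of the original post: it flags any of your own public posts that already contain the plain answer, then applies a personal substitution table to produce the answer to store. The table, the function names and the sample posts are assumptions made up for this example.

```python
import re
import unicodedata

# Assumed personal table; the post suggests 5 - 7 replacements such as o -> 0.
SUBSTITUTIONS = {"o": "0", "a": "@", "e": "3", "i": "1", "s": "5"}

# Constructed sample of one's own public posts (not real data).
SAMPLE_POSTS = [
    "Back from the vacation of a lifetime!",
    "Still miss my first dog, Snoopy. Best puppy ever.",
    "Cable TV is down again...",
]

def _words(text):
    """Lower-case, strip accents and split into alphanumeric words."""
    ascii_text = unicodedata.normalize("NFKD", text).encode("ascii", "ignore").decode()
    return re.findall(r"[a-z0-9]+", ascii_text.lower())

def find_leaks(answer, public_posts):
    """Return the posts that contain the plain answer as a run of whole words."""
    needle = _words(answer)
    if not needle:
        return []
    hits = []
    for post in public_posts:
        hay = _words(post)
        span = len(needle)
        if any(hay[i:i + span] == needle for i in range(len(hay) - span + 1)):
            hits.append(post)
    return hits

def encode_answer(answer, table=SUBSTITUTIONS):
    """Apply the substitution table to every matching letter, ignoring case."""
    return "".join(table.get(ch.lower(), ch) for ch in answer)

def review_answer(answer, public_posts):
    """Combine both steps: leak check first, then the answer to store."""
    leaks = find_leaks(answer, public_posts)
    return {
        "leaked": bool(leaks),
        "leaking_posts": leaks,
        "stored_answer": encode_answer(answer),
    }

if __name__ == "__main__":
    for candidate in ("Snoopy", "Blue Corolla"):
        print(candidate, "->", review_answer(candidate, SAMPLE_POSTS))
```

An answer that comes back with `leaked` set is better replaced with a different one before any substitution is applied.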