Facebook Lockdown

Facebook Lockdown: a reader asks…

I received a notification email from Facebook that looks very real, but I’m not sure what’s going on. The email said that they received a request to reset my Facebook password. I didn’t ask for this. Is someone hacking into my account? What should I do and do you know what’s happening?

First off, if you didn’t request a password reset, then this email was not instigated by you. Second, the email looks to be legitimate, and this is how Facebook responds to a password reset request that’s initiated on the Facebook login web page. Third, anyone can request a password reset from that Facebook page using whatever email address they want. So this is by no means an indicator that your Facebook account is being hacked. It merely means that someone has unsuccessfully tried to reset your account password.

I’m seeing a significant increase in bot activity that tries to log into various websites like Facebook and other social media, as well as banks and shopping websites. What’s happening is that hackers or scammers (or organized groups of them) are buying lists of login credentials that are for sale on the dark web, and using them to try to log into potential victims’ accounts online. They operate like direct marketing, knowing that they’ll only get a small fraction of successful attempts.


And of course they don’t care about bothering you with those unsuccessful attempts. Lastly, those hackers and scammers aren’t sitting at a computer doing this manually; they have automated scripts (bots) that handle this for them en masse, creating thousands of login attempts in just a few minutes. All it took was getting a list to try and writing a script to execute the keystrokes. This can all be done easily and cheaply, and the few attempts that are successful make it worth their while to keep doing this. We all pay the price, but mostly in the annoyance of receiving these emails.

For netizens who are unaware of, don’t bother with, or otherwise don’t care about their online security, these attempts can end up locking them out of their account(s) and/or stealing money, access to other accounts, or worse. Everyone who uses the internet these days needs to:

  1. make sure that their online account passwords are all unique (don’t use the same password on multiple websites) and strong (at least 15 characters and not easily guessable),
  2. be vigilant in recognizing attempts to gain access to any of their online accounts and take appropriate action (such as changing their passwords), and
  3. enable 2-factor authentication for any online account that has that capability (either with an email or text message code for logins, or better yet, using an authentication app on their smartphone).

In the case of Facebook, most user accounts are secured either by setting up a 2-factor authentication method or by Facebook’s own authentication method. For the latter, anytime you try to log into your Facebook account from a new computer or device (one you haven’t previously used), Facebook either emails or texts you a login code, or tells you to open Facebook on your smartphone and authorize the login from there. However, these methods aren’t as strong as an authentication app.


To set up strong 2-factor authentication for your Facebook account, first install an authenticator app on your smartphone. You can use any one you like. Gmail users probably want to use Google Authenticator, LastPass users will want to use LastPass Authenticator, Microsoft 365 users may want to use Microsoft Authenticator, etc. Other choices include Authy or Duo. It doesn’t matter which one you use; you can pick one for the online account you’ll use most often or pick one that’s not tied to a specific online account.


Once you have that authenticator app installed on your smartphone, visit the Facebook Password and Security page. Click the 2-factor Authentication link and go through the process of adding Facebook to your authenticator app. Most authenticator apps have a + sign to add an account, and then let you scan the QR code with your phone to add the account. Continue following the setup screen instructions to type in the code your authenticator app displays and complete the setup. From that point on, your Facebook account will require that authentication code for you (or anyone) to gain access. Please note that these authentication codes change every 30-60 seconds, so you need to get the current code from the authentication app.

Also note that when visiting Facebook on a computer, you can check a box that has Facebook remember that browser, so you don’t need to use the authentication code each time you visit Facebook on that computer. You should only do this on your own computer, one that no one else can use without your permission.

The procedure above will lock down your Facebook account and prevent anyone from accessing it without your permission. But note that this may not stop those emails from coming in, because anyone can attempt to reset your password using the forgotten password link on the Facebook login page. You can’t stop that, so just ignore and delete any emails that come in. You don’t need to worry about whether your Facebook account has been hacked; the 2-factor authentication you set up is protecting you.
