{"id":14194,"date":"2018-12-27T10:00:11","date_gmt":"2018-12-27T18:00:11","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2018\/12\/27\/news-7946\/"},"modified":"2018-12-27T10:00:11","modified_gmt":"2018-12-27T18:00:11","slug":"news-7946","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2018\/12\/27\/news-7946\/","title":{"rendered":"Why it\u2019s Time to Switch from Facebook Login to a Password Manager"},"content":{"rendered":"

Credit to Author: Trend Micro| Date: Thu, 27 Dec 2018 16:42:43 +0000<\/strong><\/p>\n

\"\"<\/p>\n

Social media sites are increasingly the focus of our digital lives. Not only do we share, interact and post on platforms like Facebook \u2014we also use these sites to quickly log into our favorite apps and websites. But what happens when these social media gatekeepers are hacked? Awhile back, Facebook suffered a major attack when hackers obtained the digital keys to access at least 30 million accounts (originally thought to be 50 million), exposing highly sensitive personal details.<\/p>\n

The attack not only gave the bad guys access to the Facebook accounts but raised the prospect of them also being able to access any linked apps or websites. The message is clear: it may be time to store log-ins for these third-party accounts in a password manager, rather than a frequently targeted social media company.<\/p>\n

What happened, exactly?<\/strong><\/p>\n

As a Facebook user, you\u2019re probably well-aware of the ease-of-use benefit of logging-in to your third-party website and application accounts using your Facebook credentials. Known as Facebook Connect, this is what\u2019s called a \u201cSingle Sign-On\u201d feature: a fast, simple, and straightforward way to log in to your various accounts, so you don\u2019t have to remember multiple different passwords for different sites and apps.<\/p>\n

Convenient, eh? But here\u2019s the problem. At the end of September (in 2018), Facebook discovered<\/a> a major security issue: attackers managed to steal the crucial access tokens which act as \u201cdigital keys\u201d to keep you logged into the site without having to re-enter your password each time you use Facebook. These keys also provide access to all those third-party applications and websites you log-in to via Facebook: everything from Airbnb and Amazon to Tinder and your favorite news apps. Since there\u2019s a chance that the bad guys were also able to illegally access these, they may have been able to gather more of your sensitive info across these accounts to commit identity theft\u2014and thereby gain access to your credit cards as well.<\/p>\n

How did the hackers grab these all-important access tokens? By exploiting several bugs in Facebook\u2019s \u201cView As\u201d and video posting features. (View As is a feature that allows users to see what their own profile looks like to someone else). They ultimately stole access tokens<\/a> for 30 million \u00a0users; accessed just name and contact details for 15 million; virtually all<\/em> profile info including name, contact details, username, gender, language, relationship status, religion, etc. for 14 million; and no info at all for 1 million.<\/p>\n

Facebook has been quick to point out<\/a> that there are currently no signs the attackers did access any of third-party apps using Facebook SSO. However, that may change. It also doesn\u2019t alter the fact that a similar incident like this, or worse, could happen in the future. Social media and web providers like Facebook are a major target for attackers, while human error will inevitably lead to some security mistakes in the future. A bug in Google\u2019s code recently exposed<\/a> the data of 500,000 users of its Google+ social platform, which has prompted their decision to shut down the consumer side of the site within the next 10 months (as of October 2018).<\/p>\n

How can I stay safe?<\/strong><\/p>\n

Post-hack<\/strong><\/p>\n

Facebook has fixed the bugs in question and reset the access tokens of those affected by this breach, which should help to stop future attacks. However, if your account was illegally accessed in the attack, there are a few steps you should take:<\/p>\n\n\n\n\n
<\/td>\n\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Take preventative steps<\/strong><\/p>\n

After the above, consider the following options to keep all your accounts secure going forward:<\/p>\n\n\n\n\n
<\/td>\n\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Will it affect my use of Facebook?<\/strong><\/p>\n

If you disable Facebook SSO there may be some loss of sharing functionality. For example, you might find that you can\u2019t post\/share articles from within news apps direct to Facebook, and instead have to cut and paste the link manually. It will depend, however, on the apps you\u2019re using. At the end of the day, you need to decide what\u2019s more important to you: tighter integration between apps\/websites and Facebook, or keeping your passwords in a separate, secure place away from the social media company.<\/p>\n

How can Trend Micro help?<\/strong><\/p>\n

Trend Micro Password Manager<\/strong> can help you to protect the privacy and security of your app and website account passwords across PCs and Macs, and Android and iOS mobile devices. Use it as a highly user-friendly but more-secure alternative to Facebook SSO. Trend Micro Password Manager<\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • Generates highly secure, unique, and tough-to-hack passwords for each of your online accounts.<\/li>\n
  • Securely stores and replays these credentials for log-ins, so you don\u2019t have to remember them.<\/li>\n
  • Offers an easy way to change passwords, if any do end up being leaked or stolen.<\/li>\n
  • Makes it quick and easy to manage your passwords from any location, on any device and browser.<\/li>\n
  • Works across both apps and websites, with particular benefit for apps you use in conjunction with Facebook on your mobile devices.<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

For more information, or to purchase the product, go to our Trend Micro Password Manager<\/a> website. Note that Trend Micro Password Manager is automatically installed with Trend Micro Maximum Security.<\/a><\/p>\n

The post Why it\u2019s Time to Switch from Facebook Login to a Password Manager<\/a> appeared first on <\/a>.<\/p>\n

http:\/\/feeds.trendmicro.com\/TrendMicroSimplySecurity<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Credit to Author: Trend Micro| Date: Thu, 27 Dec 2018 16:42:43 +0000<\/strong><\/p>\n

\"\"<\/p>\n

Social media sites are increasingly the focus of our digital lives. Not only do we share, interact and post on platforms like Facebook \u2014we also use these sites to quickly log into our favorite apps and websites. But what happens when these social media gatekeepers are hacked? Awhile back, Facebook suffered a major attack when…<\/p>\n

The post Why it\u2019s Time to Switch from Facebook Login to a Password Manager<\/a> appeared first on <\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10413],"tags":[19627,11347,20544,20545,666],"class_list":["post-14194","post","type-post","status-publish","format-standard","hentry","category-security","category-trendmicro","tag-facebook-hack","tag-password-manager","tag-single-sign-on","tag-social-media-security","tag-uncategorized"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/14194","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=14194"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/14194\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=14194"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=14194"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=14194"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}