I'm about to go traveling to visit some family, and I've heard that Facebook will sometimes lock you out if you try to sign in from an unusual location. Is this true? If so, is there any way to avoid it?
I've never had a problem with that.
You can also enable the two step authentication like Google has, where it will send you a text message when logging in from an unrecognized location, thereby verifying your identity (or, at least, that the person hijacking your facebook account also has access to your text messages).
Never been a problem. My wife uses QQ though and it will flag her account if she logs in after travelling or signed in twice from different locations. Always have to shut it off when she travels to China.
She can get on facebook in china?
No, QQ is China ICQ or MSN.
Ah. sorry, I skimmed that bit.
Facebook may put you through an increased security login flow if you log in from an unrecognized location. If you are bringing your laptop with you, this shouldn't be an issue, since it will be a recognized machine (due to the cookie that is in that machine). You can also enable login approvals to get a text message with a code to use as a second password (this is practically a guaranteed way to prevent your Facebook from getting compromised unless you also lose your phone). Check out your account security settings.
If you get the increased security flow, you may be asked to fill out a social captcha (identifying photos of your friends). We definitely won't lock you out of your account, though. Remember to enable https!
There's a neat overview of some of the security features we've got available in this infographic.
If you get the increased security flow, you may be asked to fill out a social captcha (identifying photos of your friends).
A significant number of my friends use pictures that aren't of themselves. In fact, out of 147 friends I have, I probably couldn't identify more than a dozen by their picture alone. Less than 10%. And I've heard this complaint from literally everyone who has talked about this security system.
I feel really bad, though, for those people who have over 1,000 friends because they add literally anyone who sends them a request.
A significant number of my friends use pictures that aren't of themselves. In fact, out of 147 friends I have, I probably couldn't identify more than a dozen by their picture alone. Less than 10%. And I've heard this complaint from literally everyone who has talked about this security system.
Yeah, that was a big hiccup in the implementation. I believe in the last year or two it was changed so that it only asks for responses from photos that it can recognize a face in.
Seriously, set up login approvals, and you're done. That's the single best way to have a secured account. The second best way is to have a good password. I recommend picking three or four words at random from your screen right now and using them as your password.
If you want to try to trigger the same flow as you might encounter while traveling, this link manually turns on the increased protection.
I recommend picking three or four words at random from your screen right now and using them as your password.
Not a bad idea! I think I have a new password: "ifandasthe".
And add some padding as well so you have a long, easy to remember password.
So Thomas could use "ifandasthe.1234567890.1234567890"
Not a bad idea! I think I have a new password: "ifandasthe".
Dictionary attack, knowing that it's lowercase alphabetic only: 1.4 * 10^14 ~= 4000 years
Put spaces between the words (and attacker knows it has spaces and lowercase letters): 4 * 10^18 ~= 128 million years
Attacker knows it's 4 common (top 10000) words with spaces: 1 * 10^16 ~= 316 000 years
1000 guesses / second is conservative, but you can scale this as you like. It's still a pretty secure password. I generally pick words from the headlines of news sites, which might be less secure if you have knowledge about the day I changed my password, but still only slightly. If I did what I said to do right now, my password would be "hide internal Thomas seconds". Makes perfect sense.
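The estimates in the post above can be reproduced and rescaled with the following added example, which is not part of the original thread. It assumes all-lowercase words picked uniformly at random; the function name `estimate` and the 10,000-word list size default are illustrative choices, and the guess rate is the post's 1000 per second.

```python
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def estimate(words, spaced, wordlist_size=10_000, guesses_per_second=1000):
    """Keyspace and worst-case exhaustion time for a lowercase passphrase.

    Assumption: every word is lowercase and chosen uniformly at random.
    Words a person picks by eye are less random, so real strength is lower.
    """
    text = (" " if spaced else "").join(words)
    alphabet = 27 if spaced else 26  # a-z, plus the space when present
    models = {
        # attacker tries every string of this length over the alphabet
        "character brute force": alphabet ** len(text),
        # attacker tries every sequence of N words from a common-word list
        "word list": wordlist_size ** len(words),
    }
    years = {name: size / guesses_per_second / SECONDS_PER_YEAR
             for name, size in models.items()}
    # The password is only as strong as the cheapest applicable attack.
    weakest = min(models, key=models.get)
    return {"models": models, "years": years, "weakest": weakest}

if __name__ == "__main__":
    sample = ["if", "and", "as", "the"]  # the words quoted in the thread
    for spaced in (False, True):
        result = estimate(sample, spaced)
        label = "with spaces" if spaced else "no spaces"
        for name, size in result["models"].items():
            print(f"{label:12} {name:22} {size:.2e} candidates, "
                  f"{result['years'][name]:,.0f} years")
        print(f"{label:12} weakest: {result['weakest']}")
```

With four short words and no spaces, character brute force is cheaper than the word-list attack, so the word count alone overstates the strength; adding spaces or using longer words flips that.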
Most sites probably won't accept that as a password though. It's too "insecure". IE: It's easy to remember (doesn't contain capitals, numbers or symbols).
"hide internal Thomas 2nds."
It already had an uppercase T, and I moved the period into it.
When I was on my epic travels last year, I accessed fb in two ways - using my iPhone's fb app, and Internet terminals. With the iPhone, I was able to access fb per normal, but when I logged into a terminal, I had my fb security settings set to notify me that I had logged into an unknown device. It is possible to set fb to make you have to reply to a text or email to complete the login, but I didn't try it - partially because I didn't want to risk being locked out, and partially because I'll be charged roaming-charges if I reply to texts in countries where I don't have a native SIM-card.
AE.
If so, is there any way to avoid it?
Don't leave your house.
They used to show you pictures of friends and make you pick the name of the friend. But often profile photos are random stuff like feet and cats -- so the whole thing was just f'ed up. I ended up proxying to America to reset everything, took days and was a huge pita. Made worse because when traveling one of the things you want to do is post pictures to facebook.
Pro-tip: A number of Asian countries just use dns blocks on facebook etc. If you set your dns server to something else you get the whole internet again. Google's dns server is 8.8.8.8
Most sites probably won't accept that as a password though. It's too "insecure". IE: It's easy to remember (doesn't contain capitals, numbers or symbols).
Yeah, my corporate AD policy is the same way. I just 1337-ify the first word and toss a punctuation at the end. It works as long as there's nothing really asinine (no spaces allowed, maximum length).
It is possible to set fb to make you have to reply to a text or email to complete the login, but I didn't try it - partially because I didn't want to risk being locked out, and partially because I'll be charged roaming-charges if I reply to texts in countries where I don't have a native SIM-card.
Use the Google Authenticator (HOTP) feature, because it's awesome
Don't leave your house.
That's my usual plan.
I'm not having any problems so far. Even logging in from my cousin's computer.
I got 99 problems... facebook ain't one of them...