This morning, I got an alarming note from a friend: Moroccans are experiencing phishing and other account defacements on Facebook, similar to what happened last year (and in January) in Tunisia (en Francais). I asked my friend if Moroccans had HTTPS available, and he explained, “yes, but the problem is Internet illiteracy.” Thus, we decided to quickly publish a few tips for activists using Facebook in Morocco (the piece will be available in French shortly). If you have any suggestions to add, please leave a comment and I’ll incorporate them.
1. Choose a strong password.
The easiest way for someone to gain unwanted access to your account is by figuring out your password. A strong password is a combination of uppercase and lowercase letters, plus numbers and symbols. The password should not contain things that are easy to guess, such as your name, a pet’s name, your city, or your school. It should be at least 8 characters long. There are precious few resources on creating a strong “mot de passe” but here is a good English source.
2. Use HTTPS.
Facebook recently rolled out HTTPS to all of its users, including in Morocco, but that selection is not default. To turn on HTTPS, go to “Account” in the upper-right corner of Facebook, then select “Account Settings.” Click “Account Security” (3rd from bottom) and check the boxes that say “Secure browsing (https)” and “When a new computer or device logs into this account.” The first will provide you with encryption, the second will send you an email when someone else has logged into your account.
HTTPS Everywhere is a great tool that works with Firefox and encrypts your communications with lots of major websites.
3. Be cautious of Facebook’s increased security choices.
Facebook allows you to increase your security in three ways: By adding a secondary email address,adding a mobile phone to confirm login, and by adding a security question. The first option is great. The second two come with problems: First, if you add a mobile phone to confirm your account login, you must also be cautious about your mobile’s whereabouts. If your mobile is stolen, it may be possible for someone to use that information to gain access to your account.
The second concern is the security question: Though security questions are a good thing and can help to prevent others from gaining access to your account, you must be careful to choose an answer that no one else knows. For example, if the question is “what is the last name of your first grade teacher?” you would be safer giving a fake answer that only you know. If you give the genuine answer, any of your first grade classmates could potentially gain access. And never give an answer that is public information.
Have tips to add? Leave a comment.