2 Geek Girls, 1 Nerdy Guy

Part One: Why Your Passwords Are Hackable

This post is Part One of Three. Part One will discuss passwords and password formulas and basic hacking. Part Two will talk about the most used (not the most common) pet names. Part Three will show you how to make a good password that you don't have to remember.

As much as you have read that you shouldn't use your passwords more than once, it's human nature. Everyone does it.

By the time you are done reading all three parts, if you don't want to change the passwords that you use on your websites, then we can only assume that:

you feel 100% safe because you have chosen the perfect passwords OR
you already use your passwords only once, OR
you are lazy, OR
the job is too big because of how many passwords you have to change, OR
you don't care about your online security

Hackers are able to hack so many accounts
because users choose weak guessable passwords

When users think that their chosen password is the absolute best password ever that no one will ever guess, this makes them feel so secure so that they are more likely to use it on more than one website.

The longer they go without an intrusion or a hacking scare, the more likely they are to not change them for long periods of time because they assume if nothing bad happened all this time, then there is no reason to change their passwords.


The Top Reasons Why People Re-Use Passwords

People re-use passwords for a variety of reasons, the most common one is that it's easy to remember. The average online user:

changes their password every three to five years
will not make up a new password and instead will re-use one that they have used in the past
often keeps a list of five or more passwords they have used for years and they recycle them whenever they change their password
likes to pick a new password from something old, something that is familiar

Humor us and take a look at these lists of passwords and password formulas.

If your password (or a variation of it) is on any of the lists, and if you have used it on more than one website, then you seriously need to consider changing it or, at the very least, enhancing it to make it stronger.

These lists are commonly used passwords as defined by experts which are the most hackable. We admins have seen these passwords used by hacked accounts that we have helped to recover.

In no particular order, both with or without capitalization and with or without a mixture of numbers, letters or symbols:

Examples of Bad Passwords

the word "password" in any format
username or myusernameis
00001234
yournamehere
password123456
qwerty
letmeinnow
asdf_jkl;
numbers in sequences: 987654321 or 123456789
abc123
dragon
admin1234
starwars
helloitsme
mypasswordis
JFK11221963
11111111
charlie tuna
youvegotmail
barack obama
the word "welcome"
donald trump
mactheknife
facebook1234
hilary clinton
q1w2e3r4t5y6
abcdefg or abcd1234
the words "iloveyou"
the words "your name here"

Examples of Bad Password Formulas

city of birth (belonging to you or a family member) and a birth year
a pet's name, no matter if it is your pet or not
your first, middle, maiden or divorced name or an immediate family member
your child's name - first, middle or last
a favorite sports team's name or mascot's name
dates that are important to you with or without a year - an anniversary, a birthdate of you, a child, a spouse, pet's birthdate, a relative's death date, a graduation date
a favorite holiday of the year
a favorite vacation spot
your honeymoon destination
your present city
a present or former street address of yours or a close family member

Geez, I guess you're thinking that there's nothing left.

There is, but you have to put on your thinking cap.

Before we go further, we want to point out the obvious and that is how a hacker gets any of the above information in the first place.

As much as we don't like to blame the distraught Facebook user who has been hacked, it's usually his own fault that he has been hacked because of his privacy settings, or lack thereof. Leaving personal information exposed - like a present city of residence, locations of past schools jobs - these give the hacker enough information to steal the user's whole identity.

Remember: Facebook doesn't "need" to know where you went to school, where you work, and the names of relatives, which by the way, they connect to you with 'live' links to their Facebook accounts. Facebook will ask, but they don't need it.

So take a look at your Facebook settings, and hide or remove any information in the bio, introduction, "about" section, timeline posts, and comments that provide personal information so that a hacker can pick you out among a list of people with your same name.

How People Find You

When anyone wants to know information about you, the first thing they usually do is check to see what you have exposed on social media. They will check for accounts on Facebook, Instagram, Tumblr, and other social media accounts. Then they will type your name in Google's search box with your zip code or city.

You would be amazed at the wealth of information in the search returns. Sometimes there's stuff you thought no one knew because you kept it private.

The results also give them links to your social media accounts and any websites or blogs you might own, have contributed to, wrote as a guest blogger, or left comments.

There is one site, Radaris dot com that provides far too much information, including your current phone number and email address. Their terms of service states that the info can only be removed from their site by you after you prove your identity to them.

A word to the wise. You might be motivated to follow their process to prove your identity because your eye is on the prize of having your information removed from their website. But you have to keep in mind that these websites also sell information which means you don't know how many times your info has been sold or how many sites already have it.

Don't get conned by believing they will remove your information from their site because sometimes the hoops you have to jump through to get them to do that are not worth it. I looked into it to see what they would require as proof and I chose not to follow through because proving my identity meant uploading my photo driver's license. That is the one piece of information you should be guarding with your life because it irrevocably links your information to the picture on Google and other search engines as well as facial recognition programs.

Since the photo driver's license was one piece of information I pretty much knew they did not have, I wondered what they would be comparing it to in order to verify my identity.

So guard it with your life and don't give it to any website so they can further link you to their search results or sell it as a "premium" with other information.

Besides, if they do remove your information from their site, there's no guarantee they won't put it back on their site again, so tread lightly.

Within the search results, there are always advertisements but they are usually advertisements with an ulterior motive. While most users skip over the ads, sometimes there's a fact in one of the ads that might catch your eye enough to raise your curiosity. That's because the ads are geared to show certain key facts about you that are absolutely true, to persuade a user to click on it to investigate. Nine times out of ten, it is a con, but most people are curious and will click on the ad.

Once you do, the webmaster or website moderator can see who you are, where you are located and all the information that is attached to the account you are using.

If you are new to their website, a login box will popup to ask you to create an account. It goes directly into their database and is compared against any info about you that they already have and if they see anything different, they will use it to update their records.

This is another reason why we always teach that you should Google yourself once or twice every month to see what Google is telling searchers about you. If there are any surprises, you might be able to take action.

After the ads, the rest of the results will include tracking sites like ancestry.com, truthfinders.com, radaris.com, and intellius.com. These sites provide a lot of information about you and they didn't even have to hack you to get it. It is all available online for free - compliments of the Freedom of Information Act (which in our opinion is one of the worst infringements on our privacy).

This law allows anyone to see key details about your life such as your credit rating, important dates like birthdates (with or without the birth year) email addresses, former residences, etc. for not only you but sometimes your immediate family members too, your past and present employment, schools attended, and graduation years, if you have a mortgage and with whom, etc.

This law is how most of those sites collected your information so they could use it to populate their websites. Without it, they'd have to resort to other tactics to gather the information or they wouldn't have a website anyone would want to use.

The search results from Googling your name are similar to the information that we showed above for a password formula:

your birthdate, some portion of your social security number with the rest "blacked out;"
any other names you now use or have used in the past, your credit rating, dates like birthdate or just the birth year, your schools and graduation years, your mortgage company, if you have a car loan or lease and whom you pay;
your marriage and divorce date;
names and/or birthdates of your children, their ages, their names and addresses of spouses or significant others where they have had mail sent to their addresses;
your former and present phone numbers and mailing addresses; (Two sites have a list of all your neighbors, their addresses and their phone numbers)
your former and present employment including dates and addresses;
if you are affiliated with any websites.

A hacker doesn't need all of the information found in search results. He can target his next victim with minimal information such as:

your birthdate OR
a phone number (as seen on your Facebook account)
your present location with or without an actual street address (a zip code or city is enough) OR
the name and location of your high school.

All hope is not lost. You do have some options to protect yourself which we will explain in the next two parts of this series.

Please share our link with your friends so they can enjoy our websites too. Thank you for stopping by.

Part Two: Most Used Pet Names Passwords

This post is Part Two of Three. We will discuss the use of pet names as passwords and give you a list of the most used pet names.

Many people use their pet's name, or some variation of it, as their password. When they change their password, they stay "with the theme" which means they keep using their pet's name but may change it slightly, for example, adding symbols or numbers to the name. t

There are users who keep a short list of "My Frequently Used Passwords" so when they change their passwords, all they do is rotate or shuffle them so that those are the only passwords that they ever use.

We all love to show pictures of our pets on our social media accounts, especially when they do funny things. But using a pet's name as part of your password is not the best idea, especially if you mention the pet's name when you are flashing their pictures.

An alternative is to add numbers and symbols to make the password harder to hack which is good, but in some cases this is also not the best solution because people tend to add 12345, or their address, their phone number, birthdate, pin number or other significant number.

Don't do that.

The following list is not a list of the most common names that people name their pet. It is a list of pet names that are most used as passwords and are also the most hackable.

<img src="Hacker.png" alt="successful hacks">

It's a happy day when a hacker has guessed a password

If your pet's name is on the list, you should consider not using that name anymore and make a different password. We'll give you some more examples in Part Three.

In alphabetical order, the most popular pet names used as passwords are:

Apollo
Atticus
Baby or Babe
Bailey
Bandit
Bear
Beau
Bella
Benji or Benjy
Benny or Bennie
Biscuit
Blade
Brady
Brandy
Brutus
Bubba
Buddy
Buffy
Buster
Butkus
Caesar
Cat
Champ
Charlie
Chico
Chloe
Cinnamon
Coco
Cookie
Cooper
Cowboy
Daisy
Dakota
Diesel
Dog or Doggie
Dollar
Dolly or Dollie
Drax
Duchess or Duchy
Duke
Elvis
Fido
Fred or Freddie
Ginger
Gizmo
Gracie
Gunner
Harley
Harry
Izzy
Izzy
Jack
Jake
Jaws
King
Kitty
Kono
Lady
Ladybug
Lex
Lily
Logan
Lola
Lucky
Lucy or Lucie
Lulu
Luna
Maddie or Maddy
Maggie
Manny
Max
Maya
Micky
Midnight
Milo
Minnie
Missy
Misty
Molly
Monk or Monkey
Muffin
Oliver
Oscar
Peanut
Pearl
Penny
Pepe
Pepper
Plato
Prince
Puff or Puffy
Queen or Queenie
Quinn
Ranger
Raven
Rocco
Rocky
Romeo
Rover
Roxy or Roxie
Rusty
Sadie
Sam or Sammy or Samantha
Sandy
Scooter
Scout
Shadow
Sheba
Simba
Smoky or Smokey or Smokie
Snow or Snowy
Sophie
Spike
Stella
Sugar
Sully
Sushi
Sweetie or Sweety
Taco
Tank
Teddy
Tiger
Tigger
Tracker
Truck
Tucker
Widget
Willie
Yugo
Zeus
Ziggy
Zoe or Zoey

Is your pet's name on the list?

Continue to Part Three where we will show you how to make a good password that you don't have to remember.

Please share our links with your friends so they can enjoy our websites too. Thank you.

Part Three: Making Passwords You Don't Have To Remember

In Part Three, you will learn how to make a good password with a little trick to do so that you don't have to remember it.

<img src="Make Good Passwords.png" alt="">

How to make a good password

Tracking Visitors

Many websites track their visitors in some way, but it is usually confined to their activity while on their website. You'll know this is true when you see a banner or sidebar box showing the products or topics you just viewed, or when you get an email that you left an item in your cart that you chose not to purchase, or that the product was all of a sudden reduced in price.

Some sites slip extra permissions in the clauses of their terms of service (TOS), which most people don't read. They'll say by accepting the TOS that you are giving them access to your friends list. If they don't tell you this up front, you'll find out when your friends say they are getting many more popup and sidebar ads. It's all legal, as long as each visitor accepts their terms of service.

A strong password is not going to help you on those kinds of websites. The best you can do is to leave the site as soon as they tell you they want to access your friends list or if their TOS requests or permissions goes beyond the scope of using their site.

It is almost impossible not to accept cookies but you can and should customize your preferences and restrict their access to the least amount of your personal information.

How Did They Know That?

Some websites want their new visitors to create an account. When they come back on their next visit, usually they are required to verify their identity using multiple-choice security questions. The correct answer will always be one of the choices and the website will know if you select the wrong answer because they only choose questions with answers that are already public information, like the year/model/ or color of your first car; the street you lived on in a particular state; or the name of your grade school.

Just know if they used public information for their security check questions, then even an amateur hacker knows that information too and can hack your account in a heartbeat.

Passwords are also tracked on many websites. To remember screen names and passwords, many people tick the "Remember Me" box. It really is so easy - too easy - because if your computer is remembering your login information, then so is the website. How else will they know if you entered the correct login information?

Make It Long and Strong

A hacker assumes that you re-used the same password, or a variation of it, from site to site. Stop doing that because you are making the hacker's job very easy. The one thing that will make a hacker move on to other victims is if he has to waste too much time trying to crack your password.

Internet security experts say that the best passwords are between 18 and 26 characters long, with a combination of upper and lower case letters, sprinkled intermittently with numbers and symbols. Don't use a real word as any part of your password. If you do, then mix it up by inserting numbers and symbols after each letter.

If you use a short personal password that defines you, think about which of your friends and associates know that about you too. Then go change it to something else.

Your password box on each login screen shows an asterisk for each letter or number which tells the length of your password. If a hacker sees a lot of asterisks, he will know your password is a combination of random letters and numbers, will give up, and find someone else to hack.

Hacking is a time-sensitive activity. He must get into your account, steal it and get away as fast as possible.

Choosing Passwords

The most common passwords are the names of your pets, so it should go without saying that you should never use the names of your pets as a password on any website and certainly not on multiple websites. It's too easy to forget that you mentioned their names on a photo, or you talked about them on a blog, or in a comment on Facebook.

A hacker who figures out one password for one of your accounts will keep trying it because he hopes you used it on other websites too. Don't give him that satisfaction; use different passwords. If you must use familiar names and passwords, then add digits or symbols up to 26 characters.

Most people generally have a harder time choosing the beginning of their password, but adding numbers and symbols seems to be much easier.

So you might be thinking "How will I ever remember so many different passwords?"

There's an app for that!

In the early 2000s, the advice to remember passwords used to be to make up a sentence so the first letter of each word corresponded to each character in your password. The sentence idea wasn't the best because people who couldn't remember a password were expected to remember the sentence they used for each site.

Gone are the days when you had to write down your passwords in a notebook, or forward your newest change of password to your email for safekeeping, most likely put in a dedicated folder.

By the way, keeping your passwords in one of your email folders is not as safe as it used to be because emails tend to get hacked much more often than Facebook accounts.

The best way to remember your passwords is to let something else do the remembering for you - a password manager.

Some people shy away from this idea because they don't understand how they work or they don't want to learn something new. You will see that password managers are easier to use than you might think.

Password Managers 101

Anyone who has been hacked in the past may think they need to buy an expensive password manager, but it really isn't necessary.

Some add a few bells and whistles to make them more attractive or to validate their price. Some have built-in password generators to offer stronger passwords. Others protect your credit card and bank account numbers by offering encryption.

Today's most popular internet security measure is requiring two-step authentication where a code is sent to your email or cellphone before granting access to your information. This only works well if you have the same cellphone or email at the time they send the code.

We know one guy who set up his Facebook account with one phone number and ten years later when someone reported him so that his identity was called into question, the code was sent to a phone he no longer owned. He got his account back by answering security questions.

We know a gal who was locked out of her Facebook account because it was hacked. The phone number and security questions were no longer valid because the hacker changed them when he took over the account. She had to make a new Facebook account and try to get back hundreds of friends.

So for the two-step authentication to work, you have to change the information each time you get a new phone number or email address.

For purchasing password managers, the prices range from free to $100 and some are sold by yearly subscription. By the way, if you have a Norton virus protector, one of the features is a Password Vault which is free with your Norton purchase.

We don't like to wait for a code to get access to our information so for us, a password manager has to be simple and free. We don't think that paying for one makes it function any better. It either works or it doesn't. Your money isn't going to make it work any better.

The main idea is to keep all your "different" passwords in ONE place guarded by ONE master password.

So the first thing you'll need to do is to make one really terrific master password, preferably using 26 characters. After that, every time you create a new account or change a password, you will be prompted to save the login information to your password manager.

Which password manager you use depends on what you want it to do, how easy it is to use, and the way you want to access your passwords.

Review of Password Managers

In no particular order, here's a little info about the most popular password managers.

CHROME

If you use CHROME web browser, you don't need anything else.

The Perks: it has a built-in password manager that prompts and remembers your passwords as soon as you type them. All you have to do is sign-in to CHROME with ONE password. Then when you go to any website, your password will be auto-filled.

Another advantage of using CHROME is that your password manager and your bookmarks are available across all your devices as long as you are signed in to the same CHROME account.

The only downside is if more than one person uses your device, they will already be signed in to your CHROME and can access your password manager. So if you are the only user of your device, CHROME is a good choice. The link gives you step-by-step instructions.

LASTPASS

LASTPASS is a password manager and password generator. There are extensions available in your App stores for Chrome, Firefox, Edge, Safari, Opera, and Microsoft.

The Perks: It has two-factor authentication, automatic password capture as soon as you create a new password, auto form-filling, and a separate Secure Notes feature that stores bank account and social security numbers, etc. As with all password managers, you have to create an account.

Keeper

Keeper Password Manager

Keeper is available for Windows, Linux, MacOS, Android, IOS and has extensions in your App stores for various web browsers.

The Perks: Unlimited passwords, storage of your payment details and a built-in auditing tool that alerts you when passwords are used more than once, or if a password is particularly weak and needs to be made stronger.

Symantec Norton Identity Safe

Norton Password Manager and Generator

You don't have to buy a Norton Anti-Virus to get the Symantec Norton Identity Safe password manager because it is free in your App Store. It is both a password manager and a password generator.

The Perks: besides the security of having Norton's name on it, this password manager and password generator helps you to make strong passwords using prompts. It has a Safe Web feature to alert you to malicious web pages and an automatic password prompter to change a password whenever it is used on more than one website. You can either download the program or go to your Extension store to add it as an extension.

Enpass Password Generator

Enpass

Enpass supports these operating systems: Windows, Mac, Linux, IOS, Android, Chrome OS, and about seven others.

There is a pay version, but here are the Perks for the free version: Offers cloud backup, fingerprint support, password generator, web form autofill, and data import. It has separate vaults for personal, work, and family passwords.

The downside: Enpass limits storage for Android device users to 20 passwords, so if you are a heavy website user, you might want to skip this one.

LogMeOnce Password Manager

LogMeOnce

LogMeOnce password manager has a free and a paid version.

The Free Perks: Gives emergency access to photos only. There is a kill switch for wiping off data stored on any device that is stolen, and a secure wallet for storing credit card and banking information.

An automatic password changer prompts you to change passwords at timely intervals. LogMeOnce also allows you to add a person as a beneficiary who can take control of your account if something happens to you.

True Key (owned by McAfee)

True Key Password Manager

True Key password manager supports Windows, MacOS, IOS, and Android. It supports CHROME, Firefox, and Edge web browsers.

The Perks: You can sign in using 1) a password, 2) facial recognition, 3) fingerprint , 4) Windows Hello, or 5) two-step authentication.

You aren't required to have a master password if you use two-step authentication. It has a password generator to help you make stronger passwords, a digital wallet to store financial information, and it encrypts your login credentials if you use the manager on more than one device.

The downside: The free version only allows you to save 15 passwords, while the paid version allows you to save unlimited passwords. So if you have more than 15 passwords to store, True Key isn't for you unless you want to pay for it.

Dashlane

Dashlane Password Manager

The free version of Dashlane password manager stores 50 passwords but only for ONE device. You will need to put a separate Dash Lane password manager on each device.

The paid version (about $5/month in 2019) allows access on unlimited devices, an unlimited number of passwords, cross-syncing, and cloud backup.

The Perks: Dashlane is available for Windows, Mac, IOS, and Android operating systems. It has a strong password generator tool to help you make the best passwords, and emergency contact option if you forget the master password. Dashlane uses Secure Notes to store bank and credit card information.

The downside: the free version is only for one device, so if you only have one device, this is a good choice.

We know this three-part tutorial was a lot of information to digest at one time, so please read it over once, then come back later for another read. We hope this tutorial will discourage you from using the same password on multiple websites.

Please let us know how we are doing in the comments. Thanks for stopping by.

Facebook fined a record FIVE BILLION DOLLARS!

The Federal Trade Commission voted to fine Facebook $5 billion for mishandling users’ personal information.

This aggressive fine shows that regulators are not going to go easy on technology companies who do not safeguard the information of their users.

In addition to the $5 billion fine, the settlement said that Facebook had to agree to better management and safeguards on how it handles user data.

However, this settlement does NOT restrict Facebook's ability to keep collecting and sharing user information with third parties.

The $5 billion fine is not a done deal yet because it still has to get final approval from the Justice Department, but their record in the past has been to support any fines sanctioned by the Federal Trade Commission.

It may be of interest to some Facebook users that since the fine was announced, Facebook's stock price went up to $205 per share which is the highest it's been since 2018.

If the $5 billion fine is approved, this will be the biggest fine in history that the Federal Trade Commission has brought against a technology company.

Google had the highest fine previously when they were fined $22 million in 2012 by the Federal Trade Commission. In addition, Google was also fined $5.1 billion by the European Union for abusing its market share in the mobile phone market.

If I am not mistaken, any other country will also be allowed to fine Facebook, just as the European Union did with Google in 2018 if they can prove that their users were affected by the breach.

We'll see if this changes the way user information is collected, stored and used in the future. But don't hold your breath.

Things seem to always go back to the status quo, partly because the pockets of technology companies are deep when it comes to fines.

The rise in Facebook's stock price alone speaks volumes. Facebook can afford the $5 billion fine.

Whether they want to pay it or not is another matter.

What's your opinion on this newest fine? Comments welcomed.

Share our posts with your friends so they can enjoy our websites too. Thank you.

Source:
https://www.nytimes.com/2019/07/12/technology/facebook-ftc-fine.html

7-Eleven's Mobile App in Japan Has Been Hacked

On July 6, 2019, 7-Eleven in Japan reported that their 7Pay mobile system has been hacked. This is a mobile app available on APPLE and GOOGLE stores. You can read the complete post on our breach website at this link: Security Breach Updates.

Japan's 7-Eleven's 7Pay mobile app was hacked on July 6, 2019

Please share our posts with your friends so they can enjoy our websites too. Thank you!

FACEBOOK LOSES BID TO BLOCK LAWSUITS FROM USERS

FACEBOOK'S CASE:

Facebook told the court that they don't feel they should be held liable for the charge of failing to protect user information when their site was hacked on September 14, 2018.

Facebook lost to a US District Court Judge for his ruling on the class-action lawsuits against Facebook

Facebook lost to a US District Court Judge's decision on June 21, 2019

Facebook said that because no harm had been done to those Facebook users who already had their settings on PUBLIC (the setting where anyone can see their info) so therefore their private information was not so private and had not been stolen at all - it was freely provided. Facebook said that those users should not be included in the Class Action Lawsuit against them. If a judge agrees, this will eliminate several millions of users.

Facebook also claimed that there have been no reported incidents by users where hackers stole their financial info or passwords.

Facebook said that users who were not actually hacked should also be excluded from the Class Action Lawsuit. This will further eliminate many millions of more users

QUESTION FOR READERS:
Jeff Nelson, the guy in the picture below, truly is a hack waiting to happen because he is literally offering up his information (for free!) on a silver platter. If someone like Jeff exposes all their information, does that mean Facebook should be allowed to remove them from the class action lawsuit because their information was never private in the first place?

This guy is a hack waiting to happen

WTF???? How many people do you know have actually REPORTED TO FACEBOOK that they have been hacked?

Most people are too embarrassed to admit they have been hacked

Although more than half of Facebook's hacked users are too embarrassed to even talk about it much less report it to Facebook, and the other half of Facebook users typically write a Public status telling their friends and followers that they have been hacked.

Heads up! That status is NOT reporting it to Facebook. It is reporting it to your friends and followers!

When people don't report that they have been hacked, those statistics don't reach Facebook. An unreported hacking allows Facebook to continue to claim their site is safe.

THE JUDGE'S RESPONSE

On June 21, 2019, U.S. District Judge William Alsup disagreed with Facebook and said they should be held liable. He said that reasonable care was not taken in handling the personal information of 50 million or more Facebook users and that the breach also helps businesses who can profit by using the stolen data.

IN PLAIN LANGUAGE:

When Facebook was hacked on September 14, 2018, bad actors (hackers) were able to access the personal information of 50 million users -- such as their date of birth, phone numbers, location by IP address, names of trusted contacts, account recovery methods, private messages, and names of family member and the live links to their Facebook accounts. 

You may remember that some of this information is what Facebook insists that they NEED should you get locked out of your account. 

But, as you might have learned, Facebook really doesn't need all of it.

Facebook users volunteer too much information - freely. 

Facebook knew of the breach but didn't tell the public right away. They only got concerned when hackers stole each user's digital access tokens because the tokens allowed hackers to have unauthorized and unlimited access to Facebook accounts  - which amounts to 'hacking without effort.'

ABOUT DIGITAL ACCESS TOKENS

When stolen digital access tokens are used by unauthorized people, the real Facebook owners are not aware of another person's presence on their account.  

However, they can learn of it if they personally check "WHERE YOU ARE LOGGED IN" section to look for locations that are NOT their own. 

When you see different locations, it is safe to assume you have an intruder

When the hacker is the only one on an account after your password has been cracked, the hacker then changes the password to his own.  

Now the new password is recorded by the account's digital access token and your old information that was previously on the token is deleted because the new information overrides it.

This is why old passwords do not work.

When the real Facebook user tries to get back onto their account, the digital access token only remembers the last information that was keyed in as the true credentials to access the account. 

The 'remember login' function remembers by using a digital access token

Although hacking a user password is still the number one way that hackers steal Facebook accounts, the digital access token is what allows the hacker to keep the account so the original owner never gets it back. 

This digital access token is what works with the REMEMBER ME checkbox that Facebook offers to its users to be able to get onto their account by tapping a profile picture to login. The token has coding that remembers your login information so you don't have to manually type it in each time you want to login. 

The digital access token also allows a user to STAY logged in over a period of days, weeks, or months without having to log in manually each day.  

You will know this token is active when you see a list of "active sessions" of two or more logins showing dates older than today, and showing places where you are still logged in.

OUR TAKE ON THIS:

This is why we warn you NOT to log out by tapping the X  at the top right of your Facebook screen. 

The X does not log you out.  It only closes your Facebook screen.

You should be tapping the down arrow at the top right of your Facebook screen, then select LOG OUT from the drop-down menu.

We also tell you not to allow a long list of login sessions to build up because these are open sessions that anyone can use to get onto your Facebook account.

Allowing a list of logins to remain in place is an invitation to a hacker

In short, an Open Session means your password or user name is NOT needed to get on your account. Any open session can be used because you are already signed in. 

:::::SELF-TEST YOUR ACCOUNT:::::

After you turn on your device and get on the internet, if you can see your Facebook newsfeed or profile screen without typing in your user /password information  -- then you NEVER LOGGED OUT CORRECTLY.   

You are still logged in and have been all that time because of an Open Session.   

The fix?  Close the connection by going to - Settings>>>Security and  Login>>>Where You Are Logged In - and tap END SESSION on each session.  

Then log out of your account using the drop-down arrow and tapping the words LOG OUT.  Don't login again yet.  

First, change your password and then login to make a new connection.  When you are done, use drop down arrow again and choose LOG OUT.

WOW!

In another case, Facebook is preparing to pay $5 billion to the Federal Trade Commission (FTC)  that will pay off the US government to put aside Facebook's involvement of their owned app called What's App - and their knowledge of the app improperly sharing the personal information of millions of its users with Cambridge Analytica.  

Does that seem fair that you can pay a fine and it wipes your record clean of wrongdoing?  

You will remember that Cambridge Analytica is the company hired by Donald Trump presidential election campaign who used two separate third-party apps (What's App and nametests.com) to hack Facebook's vast database for a list of user names, addresses, phone numbers, work locations and their voting party in order to sway their votes away from Hilary Clinton so he could win the Presidency of the United States.    Yet this has never been labeled as election tampering.

In a separate case, Cambridge Analytica is still being pursued by the Federal Trade Commission for its involvement in the illegal activities of being the entity who provided the Trump campaign with user data.

THE JUDGE'S RULING

The judge ruled that regardless of each user's Facebook account privacy settings, that the Class-Action lawsuits against Facebook will go forward and in a timely manner. 

There are 11 class-action lawsuits which were consolidated into one case.  

There is another case which includes ten complaints about a breach of contract, negligence, and violations of unfair competition law.

Judge Alsup also said user concerns are worth “real money,” rather than “some cosmetic injunctive relief” - referring to Facebook's solution of logging out, changing password, and logging back in again - which, he said, is not adequate compensation.

Sources:

https://www.wsj.com/articles/facebook-privacy-settlement-delayed-by-ftc-split-11558725423

https://thehackernews.com/2018/09/facebook-account-hack.html

https://www.cyberscoop.com/facebook-class-action-lawsuit-moves-forward/

Please share our posts with your friends so they can enjoy our websites too.  Thank you.