Is a very strong password enough to protect my Facebook account from being hacked?

Osama Javaid May 8, 2012

If I use Facebook only on my antivirus- and firewall-protected computer, with HTTPS enabled, using no spam/malware type app, without clicking on any unknown links and also have a very strong password (for example g5Y&rsxV@h7Bt8jI6rVxQm8H$vk0v5), can a hacker still hack my account?

I heard some people saying that they have friends who can hack ANY Facebook account and I simply deny that claim. Am I right in denying their claims if I keep in mind all precautions and have taken all these security measures into account?

  1. ummair
    August 2, 2012 at 10:57 pm

    please no one will know my password and username

  2. haoney artist
    July 10, 2012 at 12:53 pm

    ya there are a lot of software which create passwords but you can also do it by using numbers, uppercase and lowercase letters and some code like this !@#$ that kind of or use capital letters

  3. elmo533940
    May 12, 2012 at 6:24 am

    I am using Chrome which has been set in the properties window to open incognito. Supposedly this keeps cookies from being planted in my computer for tracking purposes. Google also claims to use 128-bit encryption. I use Avast, McAfee, and IOBits antivirus programs plus spybot. It is virtually impossible for others to plant things in the computer. However I have just had my second Yahoo hacked. The problem is with the places I go to and the services I use.

  4. GamerJunkdotNet
    May 12, 2012 at 5:17 am

    It comes down to human error as well. If you enter your password into a website that is claiming to be Facebook or click a link in a phishing email then your account could be hacked.

  5. Shawn
    May 12, 2012 at 12:38 am

    Yes, your Facebook and most other online accounts can be hacked. The most common way is with backwork sniffing from a network (wireless or wired | WEP or WPA). There are very few ways to be truly secure unless you are using 3 step security across a hardened VPN to a protected site. It's better to take reasonable steps of protection. If you have a "Strong" password it takes longer to type in and is easier to keyboard surf it. Packet capturing programs get all kinds of fun things even if you think you have a secure connection. Just use best practices and keep an eye on your account.

  6. skujis
    May 11, 2012 at 1:49 pm

    Password strength doesn't matter if the attacker doesn't need your password.
    For example, if you are using Facebook in a coffee shop which has a WEP-encrypted Wifi and you have not enabled the secure browsing option from Facebook options, Firesheep can be used to easily access your account.

  7. Reý Aetar
    May 9, 2012 at 7:22 pm

    are the Facebook employees out there just sitting for nothing ??????
    just use a simple unique password that you can remember and don't share it with anyone.. keep it secret and set the recovery options carefully..

  8. Kannon Y
    May 9, 2012 at 3:42 pm

    I've met a lot of people who have had their passwords stolen for e-mail, Facebook (etc) accounts. In my experience, the three most common ways that are used to hack accounts are: (1) spoofing/phishing (2) keyloggers (3) saving passwords to the computer/having a jealous ex.

    After that there are some exotic methods of cracking passwords - some of which national intelligence agencies use (Stuxnet I think had a component used to steal passwords). Basically, the components that you use inside of a computer (particularly the wifi adapter) can have their firmware hacked and your passwords can be stolen even without ever having been spoofed/phished.

    In all honesty, I think if the government of Iran cannot keep its passwords safe, pretty much no one on this planet has a secure computer. Our best defense is in how little value our personal data has, relative to the resources required to hack our computers.

    The problem with Facebook, and other internet giants, is that they oftentimes suffer breakdowns in their own security systems. So again, even if you never get phished, your passwords can get stolen.

    In my opinion, a strong password for an online account is superfluous. Here's an example of how long it takes to hack a password:

    The required times to hack are based on brute-force, and similar, methods (Rainbow etc...) so it's attempting to crack each password hundreds of thousands of times - however, most online accounts will disable your account after a handful of unsuccessful attempts to access it. So even a password like "1234a" is relatively secure.

    Here is a list of the worst passwords that probably do get brute forced:

  9. Aruzmeister
    May 9, 2012 at 9:30 am

    ya there are a lot of software which create passwords but you can also do it by using numbers, uppercase and lowercase letters and some code like this !@#$ that kind of or use capital letters ....

  10. muotechguy
    May 9, 2012 at 6:59 am

    Those people are lying, but there is always a chance they could get into your account using password recovery options, which are the weak point for any system. Presumably, they would also need access to your email account though.

    • dragonduder
      May 12, 2012 at 12:50 pm

      Exactly, password recovery is probably the easiest way.

      My girlfriend's cousin just disappeared for a while so she was trying to hack her FB to find something about who she was with (her whole fam was worried). When she couldn't brute force it, I told her to try her email (since she knew her cousin's email address). She couldn't brute force that either, so I told her to try resetting it.

      Her pw hint was "favorite uncle" or something like that: my gf's father's nickname. She reset her email pw, then told FB she forgot her pw, allowing my gf to reset her FB pw that way.

      This is why I advise people to not be fully truthful with their pw recovery hints, but still put something they can remember. Also, try not to give out your main email address willy nilly: tell websites you want it private, and give out your secondary email address more often (I have like 4, so yeah...)

  11. Mike
    May 8, 2012 at 6:04 pm

    From a technical point both parties are right.

    Theoretically you don't even need a strong password - just something that can't be guessed (especially by someone who knows you e.g. your birth date).
    As long as you don't have any keylogger or malware on your computer, use a secure connection (https) and don't let people copy your browser's user data you should be fine.

    I'm not familiar with the security precautions of Facebook but I believe they have protection against brute-force attacks so even a 3-character-password could prove hard to be hacked.

    Having said that, of course there is always the chance to get into someone's Facebook account. If I recall correctly there used to be some rogue Facebook apps that did steal users' credentials.

    Also, there is always the chance of a security hole either on Facebook's side or your computer's side. If you look through antivirus tests you will see that none of them really scores above 97-98% which means there always is the chance of getting or being infected.

    Unless you are really paranoid and set your firewall to block ALL traffic you are also facing the simple problem that incoming connections may be blocked while outgoing connections are partially allowed.

    So theoretically one just has to create malware that is not caught by the 97-98% detection rate and program it to use the HTTP_POST operation to transmit your Facebook password to some server.

    * Once your firewall allows your browser to access the internet, HTTP_POST is also allowed.
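
Added example (not part of the original thread or any commenter's post): Kannon Y's and Mike's comments above both argue that account lockout makes even a short password slow to brute-force online. The Python sketch below compares average guessing time under an assumed lockout policy with an offline attack on a stolen hash; the lockout values, the offline rate and the common-password sample are assumptions, not Facebook's actual settings.

```python
import string

# Assumed values for illustration; the thread does not give Facebook's real limits.
LOCKOUT_ATTEMPTS = 5        # failed logins allowed before the account locks
LOCKOUT_SECONDS = 15 * 60   # how long the lock lasts
OFFLINE_RATE = 1e9          # guesses/second against a stolen password hash

# Constructed sample of widely used passwords, tried first by any guesser.
COMMON = ["123456", "password", "qwerty", "abc123", "letmein"]

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def charset_size(pw):
    """Size of the alphabet implied by the character classes used in pw."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in pw))


def keyspace(pw):
    """Number of candidate passwords of the same length and alphabet."""
    return charset_size(pw) ** len(pw)


def online_rate(attempts=LOCKOUT_ATTEMPTS, lockout=LOCKOUT_SECONDS):
    """Sustained guesses per second that the lockout policy permits."""
    return attempts / lockout


def expected_seconds(pw, rate):
    """Average time to guess pw at the given rate.

    A listed password falls at its position in COMMON; anything else
    costs half the keyspace on average.
    """
    guesses = COMMON.index(pw) + 1 if pw in COMMON else keyspace(pw) / 2
    return guesses / rate


def report(pw):
    """Years online (throttled) vs. seconds offline for one password."""
    year = 365 * 24 * 3600
    return {"online_years": expected_seconds(pw, online_rate()) / year,
            "offline_seconds": expected_seconds(pw, OFFLINE_RATE)}


if __name__ == "__main__":
    for pw in ("1234a", "password", "g5Y&rsxV@h7Bt8jI6rVxQm8H$vk0v5"):
        print(pw, report(pw))
```

Under these assumptions "1234a" survives roughly 172 years of throttled online guessing but well under a second offline, while a listed password such as "password" falls within minutes even with lockout in place.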
