It has been a busy few weeks in the Microsoft world!  Windows 11 is due out early next month, Microsoft announced a fleet of new Surfaces with a release date of October 8, the fall Ignite conference is just around the corner in early November, lotsa good stuff.  Rather than writing about these, however, I came across an article by our good friend Ben Schorr that I’m going to pass along instead.  If you don’t know Ben, he was the “Schorr” part of Roland, Schorr, and Tower.  I first met him in Seattle at a Microsoft MVP Global Summit a number of years ago; he was an Outlook MVP; I was a Windows MVP at the time.  These days, he’s a full time Microsoft employee and works in the Office 365 documentation department. While the article is about Facebook, it also applies to just about all online services that offer MFA.  It is not only highly relevant to today’s online world, Ben also asked that it be passed along, so, here goes:

Hi friends, your friendly neighborhood cybersecurity dude here. I've seen a few posts on FB lately from folks saying they've been hacked or that somebody out there is sending friend requests or messages to their friends, pretending to be them.

There are three easy steps to prevent this from happening to you. Here they are:

  1. Turn on 2-Factor Authentication. It's easy to do, it's free, it's in your Facebook settings. People tell me they don't want to do it because they think it's a hassle - but Facebook ONLY asks for your second factor if you sign in on an unrecognized device or app. I've had it turned on for a couple of years and can count on one hand the number of times I've had to provide my second factor.
  2. Go to your FB privacy settings and set "Who can see my Friends list" to either "Friends" or "Only Me". Leaving it on Public is how the bad guys create fake accounts and send invites to all your friends - they can see who your friends are WITHOUT needing to hack into your account. Change that simple privacy setting and that problem goes away.
  3. Go thru your friends list and consider removing anybody who isn't really your friend. Many of us went thru periods where we friended (or accepted requests from) anybody who seemed even vaguely familiar. But today that's a huge privacy risk. If you wouldn't bother to wish them a happy birthday, are they somebody who should see all your posts/pictures/etc. on Facebook?

Three steps, and you'll have a lot fewer security and privacy worries (at least on Facebook).

Please do it and share this with anybody else you think would benefit.

There you have it, a few simple steps that will make your online experiences a whole lot safer.  My two cents worth is do it NOW, the bad guys will not patiently wait around for you to come to a decision!