You can't delete a facebook account, as far as I can tell, but you can change the data, the email, and randomize the password, which is pretty similar.
Seems to me like that's what they were talking about with the 'last words'
and thanks, I didn't know about that. I'm going to go do that now; I 'deactivated' my account some time ago and facebook is still spamming me, and people are still trying to message me on facebook.
I work on security at FB, and I suspect if someone actually tried this, they'd run into a fair amount of friction. A bunch of accounts logging in from a new place and immediately changing emails / passwords is pretty suspicious.
Even if they did get into the loser's account, I think we offer pretty good tools for the account owner to reclaim it even if the password or email have been changed.
4.8: "You will not share your password, (or in the case of developers, your secret key), let anyone else access your account, or do anything else that might jeopardize the security of your account."
Much more importantly the least harmful thing to come from this would be FB account deletion. Chances are for most people that FB password is used somewhere else and more harm could come from it since everything an attacker needs to know about their victim is in their FB profile. I was going to mention that in my initial comment but it seemed obvious.
I never understood how it could get to the point where people would actually enter username and password for something on a completely different website... like e.g. those free SMS websites asking for your yahoo, facebook etc logins to "find friends" and then spam everyone in your address book and countless other sites doing the same thing.
Even facebook has a "feature" like that - does no one think about the implications when they do that at all??
> Even facebook has a "feature" like that - does no one think about the implications when they do that at all??
No, generally people don't and are not encouraged to enough, and I take it as one of the signs that facebook really doesn't care about security any more than it needs to in order to be able to give appropriate sounding lip service when they are asked a question.
Handing out your authentication credentials to a third party in exchange for a little convenience is more often than not a ridiculous action, and anyone who encourages such behaviour (by providing such a feature) is simply irresponsible.
> Handing out your authentication credentials to a third party in exchange for a little convenience is more often than not a ridiculous action, and anyone who encourages such behaviour (by providing such a feature) is simply irresponsible.
Yes, absolutely, exactly my point! But obviously it has not hindered lots of websites to STILL do that and obviously lots (or enough) people buy into it. THAT I cannot understand...
People are stupid. Well, at least most of them act it. And not just the "lowest common denominator" either: I've know otherwise well educated people not be cynical enough to understand why it might be a bad idea.
Half the time they just follow instructions without thinking ("enter your email and password here...") and sometimes they are easily swayed into following them "for convenience".
The only cure for many people is for them to get ripped off or otherwise inconvenienced as a result of such an action at least once. But there are still some who would never learn.
Yes, I should have said 'strangers' rather than Russians.
It's just that much of this sort of internet crime comes from Russia and other former soviet countries, most likely due to more lax laws, law enforcement and an inability for westerners to touch them.
28 comments
[ 5.1 ms ] story [ 72.3 ms ] threadSeems to me like that's what they were talking about with the 'last words'
and thanks, I didn't know about that. I'm going to go do that now; I 'deactivated' my account some time ago and facebook is still spamming me, and people are still trying to message me on facebook.
Even if they did get into the loser's account, I think we offer pretty good tools for the account owner to reclaim it even if the password or email have been changed.
4.8: "You will not share your password, (or in the case of developers, your secret key), let anyone else access your account, or do anything else that might jeopardize the security of your account."
And you trust them to:
- not spam your friends
- not mine your details/friends details for data for phishing and other scams.
- not attempt to use your password (or variations of) on other websites.
Sounds like a smart thing to do.
Even facebook has a "feature" like that - does no one think about the implications when they do that at all??
No, generally people don't and are not encouraged to enough, and I take it as one of the signs that facebook really doesn't care about security any more than it needs to in order to be able to give appropriate sounding lip service when they are asked a question.
Handing out your authentication credentials to a third party in exchange for a little convenience is more often than not a ridiculous action, and anyone who encourages such behaviour (by providing such a feature) is simply irresponsible.
Yes, absolutely, exactly my point! But obviously it has not hindered lots of websites to STILL do that and obviously lots (or enough) people buy into it. THAT I cannot understand...
Half the time they just follow instructions without thinking ("enter your email and password here...") and sometimes they are easily swayed into following them "for convenience".
The only cure for many people is for them to get ripped off or otherwise inconvenienced as a result of such an action at least once. But there are still some who would never learn.
It's just that much of this sort of internet crime comes from Russia and other former soviet countries, most likely due to more lax laws, law enforcement and an inability for westerners to touch them.