
Background:

I found that it is not possible to create a fake Facebook account to be an admin for my Facebook app, or to make a business account the admin for a Facebook app. Here are three Stack Overflow questions that state I must use a personal Facebook account linked to a real person in order to create an app:

I have heard stories about people's personal Facebook being hacked via social engineering. If my account were compromised, it would also compromise my app.

Question:

Since this question is on the verge of being subjective, I will try my best to ask specific questions.

  • In order to reduce the likelihood of a successful social engineering attack, I will want to make it hard to figure out which account is linked to the app. Is it in violation of Facebook's terms and conditions to create an account with my name and birthday, but showing a location where I don't live?
  • Can I add two-factor authentication to access my Facebook app's admin panel?
  • Does Facebook or any other site have statistics for how often a Facebook app is compromised through social engineering?
  • Does Facebook offer a program that my company can enroll in that would allow us to manage our app through a non-personal Facebook page?
  • Are there any documented strategies for protecting my Facebook App from Social Engineering? By documented strategies I am asking about strategies that have been written about and are in use by many companies; I do not intend for this to be an opinionated brainstorming session or a discussion.

Thank you so much for your help!

Joel
  • Just make sure you don't use such an account in day-to-day work. While you use it, don't go to any websites at the same time. I did some research on Facebook Security and I can tell you Facebook will not make it easy for you to make it more secure just yet, although I am writing to them about this issue. – Aria Jul 30 '16 at 20:05

1 Answer


You didn't state how big your company is or how many people will have access to the Facebook account, so I'll try to answer based on the rather broad information you provided.

First of all, Social Engineering in general isn't too hard to prevent; it all comes down to the training you give to your staff. Teach them that they're not supposed to provide any secret information (account names, passwords, security questions, etc.) to anyone without receiving your permission. Here's an article that discusses this topic.

Second of all, as was mentioned in the comments, don't use an everyday account. Create an account that will be used purely for managing the page and known only to the staff that are supposed to manage the Facebook app.

Finally, you need to enable as much security as possible. Use a complicated password (I actually wouldn't recommend a Password Manager here if multiple personnel can access it, as that increases the likelihood of one of them being a victim of social engineering) with upper case and lower case letters, numbers and special characters (see Computerphile's recent videos on this; they do a good job covering the topic). Also, enable two-factor authentication when logging in to the account.

Tom