Jayden K. Smith: Separating security fact from fiction

A couple of weeks ago, the Internet was in a bit of an uproar as a warning about Jayden K. Smith went viral. According to the message, accepting a friend request from Jayden K. Smith would allow all of your contacts’ Facebook accounts to get hacked. The “warning” was a hoax, as there was no hacker named Jayden K. Smith, but the way it spread showed that many people don’t have a solid understanding of how internet security works.

Can your Facebook friends hack your account?

The Jayden K. Smith warning read as follows:

Please tell all the contacts in your messenger list not to accept Jayden K. Smith friendship request. He is a hacker and has the system connected to your Facebook account. If one of your contacts accepts it, you will also be hacked, so make sure that all your friends know it. Thanks.

Beyond the fact that there was no Jayden K. Smith hacking Facebook accounts, the bigger issue at play is how a social media account can be compromised. Simply put, becoming Facebook friends with someone — even a hacker — doesn’t put your account at risk. According to Snopes, versions of this hoax date back to 2009 with varying names used along the way. But regardless of the specifics, it’s important to understand how your social media accounts — or your website — can get hacked.

A social media account generally can only be compromised when another person obtains your password. Without your password, someone would have to hack into Facebook’s servers and change your password. Though not impossible, that is incredibly unlikely, so the most common way for an account to be hacked is for someone to steal your password.

How can your password be stolen?

Before you think, “Well, I just won’t tell anyone my password and I’ll be fine,” understand that there are several ways a password can be stolen.

  1. If you use the same password on multiple sites and one of those sites gets hacked, the others could be vulnerable. The most common example of this happening was the PlayStation Network hack. In 2011, PlayStation’s servers were breached, exposing the email addresses and passwords of 77 million users. Some of those who used the same password for the email address they used on their PlayStation account also had their email accounts hacked. It’s advisable to use a different password for every account you have, but if you don’t, you’ll need to change your password immediately on all websites if one gets hacked. As we’ve mentioned in our previous security tips, an easy way to make a password unique is to add a word to the end of it describing the site where it’s being used. For example, if your password is MyPassword, use MyPasswordBank for your bank account and MyPasswordWordPress for your WordPress website.
  2. Your password can be stolen on a site that uses security questions if they’re easy to guess. Many websites use security questions to give you a way to reset your password if you’ve forgotten it. For example, the site might ask the name of your first pet or the name of the street where you lived as a kid. Some of these questions, however, are far too easy to figure out. One common security question is your mother’s maiden name. If your mother is on Facebook and lists her maiden name, don’t choose this question.
  3. Your password can be brute forced if it’s short. Many websites require you to use numbers and symbols, but the real key to a strong password is length. The fastest password-cracking methods can crack a 6-character password in less than a second even if it contains numbers and symbols, but would take about 20 days to crack a 10-character password. Of course, an even longer password ramps that time up significantly.
  4. Password-stealing websites can trick you into giving away your password. Known as phishing, this technique uses a fake website to trick you into thinking you’re entering your password into a legitimate website. The phishing site might be designed to look like your bank’s login page, a Facebook login screen, or even a WordPress login page. Confirm in your status bar that the website you’re visiting is what you think it is. For example, a phishing site might make a URL like facebook.someothersite.com to trick you into thinking you’re visiting Facebook when you’re not.
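The hostname check from item 4, as an added example that is not part of the original article: it parses a link the way a browser does and reports whether the host is the expected site (or one of its subdomains) or only uses the expected name as a label on someone else's domain. The function name `belongsToSite` and the sample links are constructed for illustration.

```javascript
// Added example: decide whether a link really points at the site you expect.
// belongsToSite() and the sample URLs are constructed for illustration.

function belongsToSite(rawUrl, expectedDomain) {
  let url;
  try {
    url = new URL(rawUrl); // WHATWG parser, the same rules browsers apply
  } catch (err) {
    return { ok: false, host: null, reason: "not a valid absolute URL" };
  }
  // url.hostname is already lower-cased; drop an optional trailing dot.
  const host = url.hostname.replace(/\.$/, "");
  const expected = expectedDomain.toLowerCase();

  // Accept the exact domain or one of its subdomains. Names are read
  // right to left, so the END of the host decides who owns it. The "."
  // in the suffix test stops "notfacebook.com" passing as "facebook.com".
  if (host === expected || host.endsWith("." + expected)) {
    return { ok: true, host, reason: "host is the expected site" };
  }
  if (host.split(".").includes(expected.split(".")[0])) {
    return { ok: false, host, reason: "expected name used only as a label on another site" };
  }
  return { ok: false, host, reason: "host is a different site" };
}

// Constructed sample links, checked against the site the user means to visit.
const samples = [
  "https://www.facebook.com/login",
  "https://facebook.someothersite.com/login", // the article's example
  "https://facebook.com.someothersite.com/login",
  "https://notfacebook.com/login",
  "facebook.com/login", // no scheme: not an absolute URL
];

for (const link of samples) {
  const result = belongsToSite(link, "facebook.com");
  console.log(result.ok ? "OK     " : "REJECT ", link, "->", result.reason);
}
```

Only the first sample is accepted; the others are rejected because the part of the host that decides ownership is its right-hand end, not the familiar name at the front.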

It’s important to remember to keep your passwords secure for all the important websites you visit — especially your social media accounts, email, banking, and your website. We’ve previously listed several other tips for keeping your website secure, but none are more important than carefully protecting your passwords.