Facebook spammer

You need two things:

1) A password safe (vault) (manager)

2) 2FA (Two Factor Authentication)


For the password vault I recommend Bitwarden or if you're computer savvy and willing to backup its database all over the place, Keepass. By far the easiest would be Bitwarden. If you or someone else decides to use Keepass, then use ChaCha20, Argon2, iterations at least 100, memory at least 10 MB and parallelism to 1 for the database. And that one sole password for all your passwords in the Keepass password safe better be something like, theRatisgoldwithbluestripes54# Just make it one crazy ass sentence like that, add numbers, at least one upper case letter and at least one symbol. Some people will say length matters, but in actuality, length and complexity matters... Or what she said. LOL Reason why I say this is because I've cracked passwords for testing including a Keepass vault so I know what'll stop that from happening. And if you enter a password in Keepass it'll use its algorithm to give you some bit entropy. More bit entropy the better of course.

Now for 2FA. I highly recommend Authy. Authy is available for all platforms that I know of. Windows, Android, iOS and I think there's still a Chrome extension. If you use Authy, install it to ALL devices. And never, ever, EVER forget your backups password. It'd be wise to store that backups password in your password safe and maybe written down somewhere. Though, I don't recommend that. Just keep it in the password safe.

Now once you got Authy going you'll want to go into the website's account settings to add 2FA. Be it box.com, Amazon, eBay, PayPal or in this case, Facebook, and turn on the option for an authentication App. Amazon calls it an OTP (One Time Password). They'll give you a QR code and usually a long number. The number can be copied and paste into the Windows Authy program to add the 2FA for that website. With the QR code shown you'd just open the Authy App in your phone, go to the option to add an account and hold your phone in front of the QR code to add the account. Now the website you're adding 2FA to will ask you or should ask you to enter two of Authy's generated codes in succession. Once that's complete all future logins will not only need you to enter your username and password, but a 2FA code that is randomly generated from the Authy App. Read here: Welcome to Authy! – Authy Coinbase in their infinite greedy BS wisdom ditched Authy. That pissed my off so bad I got an Electrum wallet instead. But that turned out to be a nightmare of high fees unless you know how to use it. I may just get a massive HDD and download the whole damn blockchain for a cold storage Bitcoin wallet.

At any rate. Once you add 2FA accounts, make sure you go into the Authy App settings and turn off the 'Allow multi-device' option. And make sure the 'Backups' option is on. The reason why you want to turn off 'Allow multi-device' is so that some hacker can't add your Authy account to their phone or what ever and hijack your account. This option is only available in the App. Not in the Windows Authy program. So if you want to install Authy to another device or computer, you'll need to temporally turn on 'Allow multi-device', install Authy on that device and then turn the 'Allow multi-device' back off again.

You'll want to avoid SMS authentication if you can. If that's all the website offers then I guess it's better than nothing. But there is a thing called sim card hijacking and that's why SMS 2FA is flawed. Email 2FA is a little better but still not great. To think the mighty bank JP Morgan Chase use crappy email for 2FA. Unreal. They can't afford to pay for the Authy API!? Pfffft.

Read here: What is two-factor authentication and how does it work on Facebook? | Facebook Help Center

Note: Many websites that offer 2FA may give you some one time use backup codes in case you lock yourself out. Store those backup codes in a safe place, like your password safe! Again, do check out Bitwarden. I've read about most of all the popular password managers out there and by far the best I ran across was Bitwarden. Read all about it here. (I just have my mom use a free account...).

Edit-

Never use OAuth. What is OAuth? It's that utter stupid lazy crap where you can use your Facebook account to log into other websites. This is absolutely rife for failure on so many levels because you now have a single point of failure in terms of getting owned and tea bagged, i.e., your accounts jacked. Don't be lazy and use OAuth for everything with a stupid Facebook account. Use a password manager like the aforementioned Bitwarden or Keepass to create complex and unique passwords per website. Don't say I didn't warn you. Wanna know how it's done? Read here. Remember, I did warn you. Don't - freaking use OAuth. By in large the best damn 2FA you can use now beyond even Authy is something called a YubiKey. Yubico | YubiKey Strong Two Factor Authentication It is a physical piece of matter so guard it well. I'm sure there's a way to clone the RFID it uses. Or maybe it's a NFC (Near Field Communications). Just a random search. YMMV (Looks like those Amazon links are affiliate links. Amazon.com Associates Central)

Instagram is owned by Facebook and you can login with instagram password or facebook a lot of apps let you login to instagram and then post to facebook so you need to change that password as well

I wouldn't put it back.

Today my account got locked. Facebook asked me to identify some pictures and I got it wrong so it's locked now.....It is because of the same spam....I did use a different email address though so maybe it is something more serious like a virus on my computer?

Because I used a new email address and i was still affected, i am scared to login my other Facebook account thinking the same thing might happen again because i'm thinking maybe i have some sort of virus on my PC......What do you think?

It's possible but I'm not a malware expert.

I've asked for additional help. Have you tried contacting their support?