For brands, the last two days on Twitter have shown that social media is still the Wild West. Despite the public’s embrace of the technology—not to mention corporate America’s embrace—sites such as Twitter and Facebook remain dangerous for companies, as savvy and bored hackers look for outlets for their talents.
On Monday, Burger King saw its Twitter get hacked for hours. One day later, the Jeep account was hacked, although it managed to regain control rather quickly.
In a strange twist on Tuesday, MTV fake hacked its own account, resulting in a negative backlash from a number of people on Twitter. Don’t do that—just don’t.
What you should be doing is making sure your accounts are safe, especially for the inevitable meeting with a client or manager, who wants to know what you’re doing to keep their social media account safe. This guide will help you answer that question. It ran on PR Daily earlier this month, but we figured it deserved a second look given the virtual break-ins of late. – Michael Sebastian, managing editor,
Protecting your social media accounts is vital if you don’t want them falling into the wrong hands.
Too often, we don’t put enough thought into simple measures such as passwords. How many of us have one or two general passwords that we use for all our accounts or the same four digit PIN for our smartphones?
It makes you realize how much trouble you would be in if someone learned of that password. It’s always better to be safe than sorry. Now is the perfect time to reconsider how you protect your accounts.
The first steps
You should have a unique password for every site you’ve signed up to. However, the mind can only retain so much. Realistically, the more sites for which you’ve signed up, the more likely you are to rely on the same few passwords to access them.
Chances are, you’ve created usernames for a number of sites, including social media platforms, email accounts, news sites, e-retailers such as Amazon and eBay, and more. Let’s hope you didn’t use the same passwords, lest it create a domino effect in which cracking one account grants someone access to all of them.
You want enough variety so that if one account is hacked, there are enough measures in place so that your other accounts are safe. Make sure that’s the minimum you’re aiming for when you’re putting together an effective password.
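The domino effect described above can be checked for directly. The following is an added example, not part of the original article: it groups accounts that share a password and gives each one its own random replacement. The account names and passwords are constructed sample data, the function names are hypothetical, and the 16-character default follows the length this guide recommends further down.

```python
import secrets
import string
from collections import defaultdict

# Constructed sample data: account name -> password (not real credentials).
ACCOUNTS = {
    "twitter": "Summer2013",
    "facebook": "Summer2013",
    "email": "Summer2013",
    "amazon": "k9!Rv#2pLq8@Zw4T",
    "linkedin": "burger1",
    "ebay": "burger1",
}

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def reuse_groups(accounts):
    """Return lists of accounts that share one password (the domino effect)."""
    by_password = defaultdict(list)
    for name, password in accounts.items():
        by_password[password].append(name)
    return sorted(sorted(names) for names in by_password.values()
                  if len(names) > 1)

def new_password(length=16):
    """Random password from the OS CSPRNG with every character class present."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(CLASSES)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in cls for c in candidate) for cls in CLASSES):
            return candidate

def rotate_reused(accounts, length=16):
    """Give every account in a reuse group its own fresh password."""
    fixed = dict(accounts)
    for group in reuse_groups(accounts):
        for name in group:
            fixed[name] = new_password(length)
    return fixed

if __name__ == "__main__":
    for group in reuse_groups(ACCOUNTS):
        print("one cracked password opens:", ", ".join(group))
    print("groups left after rotation:", reuse_groups(rotate_reused(ACCOUNTS)))
```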
All protection begins with the password, a staple of all our accounts. While most of us have a go-to password when we sign up for a new service, there are some ground rules to follow if you want to reduce the chances of someone accessing your profiles. It doesn’t eliminate the threat entirely, but it will help lessen it considerably.
1. Avoid brevity. Most sites require passwords to be six characters or more before they’re accepted. The longer you can make it, the better—more characters in a password makes it harder to crack. It’s recommended that your password be more than 12 characters (16-plus preferably) to lessen the chances of someone hacking it.
2. Vary the characters. Using only one type of character in your passwords is bad practice, so don’t settle on letters alone. Use capitals, numbers, punctuation, and symbols to strengthen it. A good example is Apple and its user accounts. Each user’s password requires one capital letter and one number minimum. By incorporating rules like Apple’s, you’re making it harder for a person or machine to guess your password.
3. Add complex passwords to smartphones. Most smartphone users punch in a four-digit PIN to unlock their phones. However, there are better ways to keep your smartphone safe. For iPhone users, create a more complex password by going into your phone’s “settings,” and then into “general,” where you will see “password lock.” Turn off “simple passcode”—this allows you to enter a more complex password. Android users have more options from which to choose. Along with the four-digit PIN, you can select a nine-point unlock system, password, and face unlock system to keep your device secure.
4. Check your password’s strength. If you’ve come up with a few password suggestions, test their strength on HowSecureIsMyPassword.net. The site will tell you how long it will take for a desktop PC to crack your password.
5. Use your phone or tablet as storage for your passwords. You know that note taker on your phone? It’s also a handy way of storing those hard-to-remember passwords. You will always have your phone on hand, so referring to it for accounts that you’ve recently created is good if you take the right precautions: keep your phone locked with a strong PIN (see No. 3) and bury those passwords deep in your phone’s memory. Put your notes in folders, keep most of them separate, or mix them into other notes or files. Don’t mark your notes as anything that would imply that they are passwords or say which accounts each password is for.
6. Log out. It doesn’t hurt to log out of a site when you’re finished. The worst thing you’ll have to endure is a few extra seconds typing in your password. The alternative is letting the person who stole your computer access all of your accounts, making those extra seconds a small price to pay.
Regaining access to your social media accounts
While most social media accounts follow the same protocol when an account is compromised or hacked, there are ways to regain access to them. If you’re having problems accessing one of your accounts, here’s what you should do:
• Facebook. If you’re unable to access your account, the first thing you should do is go to Facebook’s hacked section. If you’re signed in, just follow the instructions to secure your account. However, if you’re not signed in, or you can’t sign in, send a report through this page saying that your account has been hacked. When you regain access to your account, review all apps on your profile in case one of them was responsible for the problem.
• Twitter. Twitter doesn’t have the same security features as Facebook, so the only thing you can do is change your password. There are two ways to do this: If you can log into your account, go into “account settings” and access the “passwords” tab to change it. If you’re unable to log in to your account, you will need to request Twitter change your password through the home page. When you’ve regained access to your account, review and remove any apps that might be suspicious, and delete any spam tweets or direct messages that were posted to your account.
• LinkedIn. LinkedIn follows the same principle as Twitter, enabling you to change your password by requesting it through this link. Much like Twitter, a link to help change your account password will be emailed to you.
• Google and YouTube. If one of your Google accounts has been compromised, it’s safe to assume that all of your accounts are in trouble. In that case, all of the many Google products tie into this dashboard—if you’re having problems signing in, go to the sign-in page and click on “Can’t access your account?” where you can get either your username or your password. If your account’s been compromised, you will need to click on “help” at the bottom of the page and report the problem. A good idea would be to sign up for Google’s two-step verification process. This uses both your password and your phone to keep your account safe.
If you want to add an extra layer to your password protection, there are a number of password managers to help you. Here are three worth considering:
1Password
Cost: $24.99 and up, although there is a free 30-day trial.
Platform: Mac, Windows, iOS, Android.
One of the most popular password manager apps, 1Password helps users create strong and unique passwords for their accounts. As well as remembering and storing them in your Web browser, it ensures that your accounts are protected and only requires you to use the one master password to access them. 1Password also makes good use of the cloud to keep it in sync with all your devices.
LastPass
Cost: Free (but with limited options) to $12 a year.
Platform: All desktop and mobile platforms.
Similar to 1Password, LastPass generates and saves passwords so that all of your data remains safe. The freeware version is good enough to justify trying it out. Opting for the paid version will provide you with extra functionality such as syncing across all mobile devices.
KeePass
Platform: All desktop browsers.
KeePass is a free open-source program that punches above its weight. With a wide range of features such as multiple user keys, password groups, and database transfer, it’s definitely worth considering—especially because it’s free.
Quinton O'Reilly is a writer of social media/tech stuff for Simply Zesty, where a version of this story first appeared. Follow him on Twitter at @qoreilly.