Imagine that you’ve spent the last five years building a following for your brand on a social media account. You’ve now got over five thousand followers and tons of engagement. You use your account to sell products to your audience. Your business is growing more and more every day.
One day you try to log into your account and get a message that says the password you’ve been using for the past five years is incorrect, even though you know you didn’t change it. When you try to reset your password, it says the email address you’ve always used has been changed, too.
Then you get an email from an unfamiliar address: “I’ll sell you back your account for $3K USD.” That’s when you realize that you’ve been hacked. And the hacker is holding your social media hostage.
This happens more often than you’d think. Professional scammers figure out passwords to desirable social media accounts and take them over. They change the usernames and passwords. They start blasting spam messages to your followers. And then they try to sell your account back to you for the right dollar amount.
Getting hacked sucks. And social media companies aren’t always very helpful with getting you back into your account. So the best solution is prevention.
Use Smart Passwords
Dumb passwords are the cause of most of the world’s hacking problems. A dumb password is anything that you’re using because it’s easy to remember rather than hard to guess. This includes your dog’s name, your kid’s name and birthdate, or anything that is a word found in any language. You don’t want these types of passwords because anything you could come up with would likely be something someone else could guess.
Smart passwords have a combination of lowercase letters, capital letters, numbers, and special characters that don’t form any known word or pattern. Use a password generator if you’re having trouble coming up with them on your own. And change them frequently to keep everyone on their toes.
Don’t Recycle Passwords
When an Internet scammer takes your social media accounts hostage, the first thing they do is lock you out by changing your password. Password change requests generally require the website to send you an email to facilitate or confirm the change. So the scammer needs your email password to complete the process. And if you have the same password for both accounts, you just made it a lot easier for them.
Every single password you use should be different. If you can’t remember your passwords off the top of your head, use a password keeper like 1Password or LastPass. You’ll just need to remember one very difficult password for the password keeper and then it will remember all the rest of them for you.
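Here is what the advice in "Use Smart Passwords" and "Don't Recycle Passwords" looks like in practice. This Python sketch is an added example, not code from any particular password keeper; the account names, the sample passwords, and the set of special characters are made up for illustration.

```python
import secrets
import string

# The four character classes the article asks for.
CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    "!@#$%^&*()-_=+[]{}",  # assumed special characters; sites differ on what they accept
)


def generate_password(length=20):
    """Return a random password with at least one character from each class."""
    if length < len(CLASSES):
        raise ValueError("length must be at least %d" % len(CLASSES))
    alphabet = "".join(CLASSES)
    # One guaranteed character per class, the rest drawn from the full alphabet.
    chars = [secrets.choice(c) for c in CLASSES]
    chars += [secrets.choice(alphabet) for _ in range(length - len(CLASSES))]
    # Shuffle with the OS random source so the guaranteed characters are not always first.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def passwords_for(accounts, length=20):
    """Generate a different password for every account name."""
    result, used = {}, set()
    for name in accounts:
        pw = generate_password(length)
        while pw in used:  # practically impossible, but enforce uniqueness anyway
            pw = generate_password(length)
        used.add(pw)
        result[name] = pw
    return result


def find_reuse(stored):
    """Return groups of account names that share one password."""
    by_pw = {}
    for name, pw in stored.items():
        by_pw.setdefault(pw, []).append(name)
    return sorted(sorted(names) for names in by_pw.values() if len(names) > 1)


if __name__ == "__main__":
    # Constructed sample: the email and Twitter accounts recycle one password.
    old = {"email": "Rex2015!", "twitter": "Rex2015!", "facebook": "Summer#1"}
    print("recycled:", find_reuse(old))
    print("replacements:", passwords_for(old))
```

The `secrets` module draws from the operating system's random source, which is the right choice for passwords; Python's ordinary `random` module is predictable and should not be used for this.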
Enable Two-Factor Authentication
Now that you’ve got your password situation in hand, it’s time to add a second layer of security to your accounts: two-factor authentication. Two-factor authentication requires a code or a token when someone logs into your account from a device you haven’t authorized yet. You can get the code via text, authenticator app, or email. So if someone figures out your password, they still need a second piece of information to log into your account.
Just keep in mind that not every account will offer you two-factor authentication. Apps like Gmail, Yahoo, Facebook, and Twitter all have it. Instagram is still waiting to catch up to the others.
NEVER Give Your Passwords to ANYONE
You can have all the password protection that you want, but if you go around giving your passwords out it won’t make a bit of difference. Phishing scams are common ways for scammers to separate you from your password. Remember that in most cases no one will ever email you asking for your password. And if you get an email asking you to log into an account, don’t use the link in the email. Open the website in question in a separate tab and type the URL yourself.
But let’s say that you actually want someone using your social media accounts. Maybe you have an employee or a consultant who you want to have access to them. You still don’t give out your passwords. Instead, add access through apps or role settings.
For example, you can add someone to your Facebook page as an editor instead of giving them your username and password. They have the privileges to make changes and posts, but they can’t remove you from the page.
On the other hand, you might use something like Hootsuite or Buffer to give access to your Twitter account. Instead of giving out the password, add any new users through a third-party app. They’ll be able to tweet for you or check out analytics, but they won’t be able to see your password. And when it’s time to move on, you can just deactivate access.