How to Keep Your Social Media Secure

Passwords and online security padlocks
A friend of mine had a social media account hacked. She doesn't know how, but some one logged onto Twitter as her and posted things pretending to be her.

It's a common thing to happen, someone uses technology or a simple guess to access a social media account, a website, an email account and runs amok, free to 'be someone else'.
Hackers range from bored Internet geeks signing you up to dating sites for fun (has happened to me!) or posting porn on your Facebook page, to vast botnets (a network of computers running code that can bombard servers and crash them)  used to bring down companies, and everything in between.

But it doesn't really matter WHY someone hacks you, you just need to think about HOW they hack you, and do all you can to prevent it. Anyone can be a target. If you use the Internet for anything at all then chances are you have log ons and passwords. You probably read all the information about security and think "oh it's just my email, a password doesn't need to be complicated" but if that email is the one that a password reset link for your bank would be sent to... And if you are a blogger reading this, you are your own brand! All of your social media apps and online presence represents you, and should be kept secure.

So here are some security/password rules for your online life. Can you check off all of them? Have I missed any?

  • A password should not be a dictionary word. A computer can trawl through all of the words in all of the dictionaries in the world in seconds.
  • A password should be long, the longer a password is the longer it takes to hack.
  • A password should not have any connection to you. Lots of hacking is via tech but don't make hacking easier by using combinations of dogs names, phone numbers and birth dates.
  • Your password should be different for every site. Yes it's a pain but if you get hacked you only have one password to worry about, not every site you access.
  • If there is an offer of 2 step verification (where you are texted a code as well as having to have a password, or you have a token with a changing code) for a site use it! If you have to not only know a password but also have a thing in your possession to confirm access, it makes hacking into your account much harder. Google, Twitter and Facebook all offer two step verification.
  • Use a password manager - yes there is a risk of 'all your eggs in one basket' but it's no greater risk than a weak password and it's a much better bet than lots of weak passwords, or repeated passwords. A password manager uses bank quality encryption to keep your passwords safe. It will generate strong random passwords for you. I use LastPass - it has a two step verification option as well.
  • Be careful who you allow to access your apps etc. Logging on via Twitter or Google for speed is fine if you are sure the site is secure, but check regularly who has ongoing access. On Google you can be inadvertently sharing location, calendar etc.
  • Do a regular check up on sites like Google, Twitter, Facebook and remove app permissions you don't recognise or haven't used in a while. You can always add them back later if you need to - lot's of 'games' on social media sites are just hidden data miners after your information.
  • Some sites (Facebook is one) will send you an email telling you the location of each log in to your account so you can keep a check on what's going on.
  • Double check every email that claims you need to log on to confirm anything! Don't use the links in the email - go to the site via a method you trust instead and log in that way - it's far too easy to copy the url code and make a fake site to harvest passwords.
  • Consider using a disposable email for sites you will only use once and you are not confident with.
Loads of great security advice over at Naked Security Blog. Worth signing up to their email too to stay one jump ahead of the bad guys.