Securing Your Social Network Accounts

One of the worst things that can happen to you online is when someone hijacks one of your social network accounts.  When unauthorized bad-actors get your Facebook or Twitter password, they can use your account to impersonate you, and to send all sorts of friend requests, share requests, spam, and posts with click-bait links that can lead your friends to web pages that will steal their information or silently download and install malware.

With a tip of the cap to the Sophos Naked Security blog, we are going to help you secure your Facebook, Twitter, and Instagram accounts.  Recently, Naked Security ran three articles that provide step by step instructions on how to secure your Facebook, Twitter, and Instagram accounts.  In the interest of brevity, I going to refer you to the original posts for the step by step instructions.  I have also provided a link to instructions for securing LinkedIn.

There are some common steps that would work with any online account or service, so I will recap them here:

  • Enable two-factor authentication – Do I really need to give a reason?  2FA protects you in the event that your password is stolen or compromised.  In addition to your password, and would-be hijacker would also need the 2FA codes on your smartphone.
  • Enable log-in alerts – This sends an email or text to you any time you or someone else logs into your accounts, and usually includes date and time, geographic location, and device information.
  • Limit connected apps – Personally, I never let Facebook or Google log me in to other apps and accounts, but if you like the convenience, at least take time to review the list and prune it back from time to time.
  • Set up an alternate email – If for some reason your primary email account is unavailable (or compromised), set up an alternate email for password reset instructions.
  • Choose a lockout buddy – Many of these services will allow you to designate another person to vouch for you if you should forget your password (or have it changed by an unauthorized party) and get locked out of your account.

More information:


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at
  Related Posts

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.