Account Hacked?! 7 Pro Tips To Secure Your Social Media Accounts!
Even if you’re the most privacy-minded individuals watching this channel, you probably have a social media account somewhere. If you’re logged into Youtube… well, sorry to break it to ya, that could be considered social media. And if you don’t, chances are you have colleagues, friends, and family members who most definitely do have social media accounts. Whether that’s just the account you use to log into Youtube, Instagram, or TikTok to watch lil short videos or the ones you use to talk to family members or online friends like Facebook and Twitter which I refuse to call X. Or maybe you had to make a LinkedIn profile to network for your job.
Social Media is a part of our lives now both professionally and personally so it’s crucial to understand how to protect these types of accounts from invasions of privacy and breaches to security.
So these are my 7 best pro tips to secure your social media accounts. If you’ve already taken these steps, send this video to your friends or family. Chances are you’ll save someone the hassle of having to google these tips and you could potentially save someone from getting hacked.
This video is sponsored by DeleteMe, so stick around for a great discount and find out how you can scrub your data from the internet the easy way.
[STRONG PASSWORDS]
We’re still waiting for passkeys to be adopted by most sites, so in the meantime we’re stuck with the old adage of password management. When creating passwords for social media, a common problem I see is people will reuse the same password (or something very similar) across all common sites. For example: your could use a password like “cat6755” on Facebook, and use “cat6756” on Twitter. Not only is that way too similar to the first password but it’s also way too short. If someone was to figure out your password for Facebook, they could easily try it or just change a letter or number on Twitter. It wouldn’t take long for someone to break into your account.
Recently one of my family members had their Facebook account hacked, and while they did change their password they also told me “there’s too many to memorize so I’ll just change it back next week”. Don’t do that!! If you did get hacked, chances are someone already knows that old password, so why keep using it? There’s nothing stopping an attacker from hitting up your Facebook account again in a couple of weeks to see if they still have access.
I suggest using a password manager to secure your passwords. That way you don’t have to memorize any of ‘em except for the one that you use to access your password manager. Think of it like a bank vault with a bunch of passwords scattered about. You can’t get into that bank vault without getting through the security system of the bank then using the key to unlock that giant thick vault door. I have a few videos on my channel all about password managers and which ones I recommend.
[2FA or MFA]
So we compared password managers to bank vaults. 2FA can be compared to an ATM machine. The ATM machine needs two things to give you access to your money: Your bank card and your PIN. That’s 2 factors of authentication.
Online this takes on a similar form. When you log in, you input your username or email address and a password, then the next page asks you to input a six digit code that is sent to your phone or generated in an app or it authenticates you with a piece of hardware that you have. The most common of these is when a site sends you a text message with a code and it tells you to enter that code into the website. That means the site is requiring you to have your password but also a second thing: whether thats the hardware key or your phone with a special code. Some sites automatically set this up when you sign up. Other sites have this option in the settings under their Security and Logging In section, and you have to enable it yourself.
All of today’s social media accounts allow you to add 2FA in one form or another. If you would find a walkthrough of each site’s setup process useful, let me know in the comments.
So those two steps set you up with better login security but how about security after you log in?
[ACCOUNT ACCESS]
First, we’ll look at additional account security options. Anything that has access to your account can be disabled under security settings. As an example, let’s look at Twitter. On Twitter, go to settings, then click Security and Account Access, then choose Security. This is where you can choose what type of 2FA you’d prefer to use. While Twitters announcement many moons ago about removing text message 2FA support got a lot of folks totally confused and thinking they had to pay for Blue in order to get 2FA, that’s not actually the case. The truth is text message 2FA is the least secure option, so you’re better off choose either the Authentication app option or the security key option, or both! Once set up, you can also write down your backup codes and store them somewhere safe. I just did a video about backup codes, so watch that if you’re curious about learning more.
When it comes to social media accounts, the security settings page is where you’ll also find options like protecting your account from password reset attacks by requiring you to input your email or phone number in order to reset a password.
A crucial security step is auditing which apps have access to your account. On Twitter, this is found under Security and Account Access, then choose Apps and Sessions. If you use Twitter to sign into another account or if you authorized an app to have access to your Twitter data, then those will appear here. Revoke any that you don’t need or recognize.
Sessions has to do with other devices that are currently logged into your account. If you see one that you don’t recognize or need logged in, click on the device then choose Log out the device shown. We often totally forget about old devices after they are donated, sold, or gifted. Not only should you be resetting those devices to factory settings, but you should also be revoking their access under your social media accounts.
Click into Connected Accounts and the same applies. Remove any that you don’t recognize.
A bit of a twitter-specific side note: We have Delegate. This is a feature that allows multiple people to manage a twitter account, like for a business. If there are any accounts delegated to you or ones that you’ve delegated your account to - you can remove them under those two settings. You can also disable this entirely if this is something you’ll never use.
[DELETE ME]
Now here’s a step you can take online to protect your data - because you can protect your phone all day but if your data is already online, it’s easy for anyone to find it. Data broker websites make our data easily searchable and publicly available - that’s data like your full name, home address, phone number, email address and more. Yes, you can totally go to each of these sites one by one, find your data, and request that they remove it, but that could take days every month to do because there are so many data brokers out there. So I signed up for DeleteMe many, many years ago as a paid customer, and they take the hassle and stress off my shoulders. DeleteMe sends those opt outs so I don’t have to by searching all these data broker websites and sending them all those manual opt out requests.
So if you are ready to take control over your data online, especially that phone number, check out joindeleteme.com/morsecode to get 20% off any of their consumer plans with the coupon code SNUBS, which will automatically apply at checkout. That’s joindeleteme.com/morsecode and 20% off with coupon code SNUBS. Thanks to DeleteMe for sponsoring this episode!
[LOCATION SHARING]
Social media apps often have access to permissions like your location even when you aren’t using the app. For apps like Twitter and Facebook, this location data lets them serve up localized ads as well as recommend nearby content. But you do have the option to disable these settings. These settings again would be found under your general account settings then under security and privacy. But here’s a pro tip: pull out your phone and hold down on your social media app. I’ll use Facebook for this example. Click on the info icon then click Permissions. If Location is enabled, you can revoke that access here. This can also be accessed through the app under the gear icon, and you can either go to your Privacy Checkup and look at Your Data on Facebook, or scroll down to Device Permissions and disable location. This is also the perfect place to look at those other permissions and revoke any unnecessary ones.
[DELETE OLD OR UNUSED ACCOUNTS]
Now let’s delete our older accounts. Lemme tell you a story: I have a family member who constantly forgets her password and instead of resetting it, she creates a new facebook profile and adds everyone as a friend again. Even though that is less convenient, she finds it easier to do this than to reset her passwords all the time. But the problem with this is her old Facebook accounts end up still active because she never deletes them, so if those old accounts got hacked, someone could get access to any of her private posts or photos, they could message friends pretending to be her, or worse. Because of this I often help fam delete old accounts and go through their settings whenever I visit them. A vulnerable social media account can become an attack vector for anyone who you’ve friended through that account.
JustDelete.Me has a well rounded resource to figure out how to delete your old accounts. You can read through each websites deletion policy and find quick info via this site. This is a lot faster than digging into your settings to hopefully find a “delete my account” option, which may or may not exist.
[PRIVATE ACCOUNTS]
After removing permissions, changing passwords, and deleting old accounts - you’ve done a lot to secure your social media but there is one crucial step that can stop attacks - that is making your accounts private. I realize all my accounts are public - that’s because of my job - but most folks don’t need a public social media account. Social media has an option to allow all your posts to be private for a group of friends that you’ve picked, so they won’t be displayed for the entire world to see. You may think no one is interested in your posts, but even things such as photos of your kids, a picture from your hometown, a mention about going on vacation could be enough for someone to stalk you or rob your home. A post about your dog or your mom could be the answer to a password reset security question like “what is your mom’s maiden name?”. These seem innocuous at first, but an attacker can put pieces together and create a dossier of sorts full of your data just from public posts on social media.
You can make your entire account private, and on some platforms like Facebook and Tiktok, you can make specific videos or posts private but still have a public facing account.
If your account has been public and you want to go in and make everything private, you can do that too. On Twitter, when you switch from public to private, that means your entire account and all of your old tweets will now be private for example.
Unfortunately though, many of these social media giants don’t have a way to easily delete all of your old posts all at once. There are third party apps that you can pay for that will do that for you - but they don’t give us an easy way to just cleanse our social media and start fresh. On Facebook, go to settings and privacy, settings, privacy, then look for the your activity section. You can limit past posts to friends only immediately, and you can limit your future posts to friends only. It’s also a great idea to check out the rest of the settings on this page to make sure strangers can’t message you or tag you in photos without your consent.
[CONSIDER PRIVACY WHEN POSTING]
Even if you do have your social media account set to private, there’s nothing stopping one of your friends from screenshotting your post or taking a picture of a DM you sent. The only thing stopping people who have access to those posts from sharing your posts without your consent is trust and respect. Don’t wait til someone breaks that trust and respect to stop posting things online that you wouldn’t say or do in person. A lot of people hide behind a monitor and keyboard and say cruel, hurtful things online and they think there’s no consequences for those actions - but people lose jobs, get in trouble with the law, and they get cancelled. Treat people with respect and don’t give them a reason to screenshot your private posts. And be careful who you friend on a private social media accounts. People might be nice to your face but be fake as heck in the real world.
So what best practices would you recommend to lock down and secure your social media accounts? Social media is all about being social and communicating online, but it’s hard to balance that still be private and safe. Comment with your tips below and subscribe for more like this. Thanks for watching, bye yall!
