I talk a lot about website security. While securing your website is obviously a passion of mine, there is another part of your business and your brand that I haven’t been paying enough attention to. Your social media accounts are often just as important as your actual website, if not more so. Do you know how to keep them safe as well?
What are people thinking?
This afternoon we spent some time at a local shopping center. While browsing around Best Buy I decided to stop and take a look at the Chromebooks on display as, well, they’re kinda cool.
So naturally, as it’s a Chromebook, the first thing I open up is the Chrome browser and what comes up? Someone’s Facebook account, still logged in. I could have posted, changed his profile or, if he managed a business page, done just about anything I wanted to it.
Seriously, what was that person thinking? Why would anyone do something so seemingly dumb?
Complacency can be the problem
The fact is, the user in question probably didn’t think twice about logging into Facebook at the store. They’re probably used to having Facebook and every other social network available to them everywhere they go and this was just one more convenient place to access that data. I know myself that it’s easy to forget these things and we all see such problems all too often. So what can be done about it? How can we be secure when it is so easy to get to our accounts from just about anywhere, even the local store?
1.) Don’t log into any sites on a computer you don’t own
This seems simple but as I mentioned above it’s all too common. Resist the temptation. Missing your nephew’s 1st birthday party or some other major event isn’t a good excuse to log in from the local big-box store. Posts aren’t going away and they won’t physically transport you to some other place. Fight the “right now” impulse and wait until you’re somewhere safe to log in. I know it isn’t easy and I’m guilty myself (I was infamous for leaving sites logged in at a public computer at work) but restraint is something we should all strive for if we want to have any kind of security.
Keeping your social media on devices you own doesn’t just apply to public computers either. It doesn’t matter if the device is still in the store or in the living room of a trusted friend. Don’t do it. If you forget to log off, even the most well-intentioned practical joke can cost you some serious embarrassment (at a minimum) and could cause a lot worse if you have access to a company account from within your own login.
2.) Use two-factor authentication
One way many social media accounts are hacked is through weak passwords or passwords shared with other compromised sites. While using a strong password and using different passwords for each site has become a lot easier with services like LastPass, there is still a better way to secure most of the big social networking sites.
You see, a password is just something you _know_. Unfortunately, if you know it, so can someone else, which leads to a major weakness in the whole idea of password security. Two-factor authentication increases the security of your accounts by requiring both something you _know_ and something you _have_. In other words, to get into a site protected with two-factor authentication you’ll need your password and, in most cases, to _have_ your phone physically with you for an app like Google Authenticator, which will give you a code that is only good for a few seconds.
Most of the big networks including Facebook, Twitter, Google, LinkedIn, App.net and others all support two-factor authentication in one way or another. Facebook allows you to do it right through the Facebook app on your phone or text message, Twitter and LinkedIn use text messages and App.net and Google both use Google Authenticator. It’s easy to set up, it’s easy to use and it really does work.
Of course, as with any security measure, two-factor authentication isn’t perfect, but if you value your accounts and, more importantly, you value your friends and anyone else you contact with your accounts, two-factor authentication can take your security far beyond a basic password.
3.) Don’t let accounts go dormant
It’s no secret that we live in the age of social media with new services for everything from general friends to seeing how many beers you can drink popping up daily. Do you really need them all?
How many accounts can you realistically keep track of? Signing up for everything might seem like a good idea but if you don’t check in regularly you’ll never know if someone else has.
Take a few minutes to take stock of your social media sites and don’t be afraid to delete what you’re not using. While you can always sign up again later, you can’t always be sure who might gain access while you’re away.
In short:
Being complacent with social media can get you in trouble. Don’t sign up for every network just because it is new and never access any social network from a computer that isn’t your own. Finally, make sure you use two-factor authentication for every account you can to keep the bad guys out even if they do crack your password.