Are Your Social Media and Other Accounts Secure? | Beth's Blog

Are Your Social Media and Other Accounts Secure?

Digital Strategy

A few days ago, I noticed that my long-time nonprofit technology colleague, Ruby Sinreich, had her digital life hacked and stolen from her.   The hacker accessed many of her accounts and locked her out, and took over her Twitter, deleting her followers and changing the profile.    Chronicled on her tumblr blog,  it took her days to reach humans at different platforms to get help, faced many challenges, and all the while the hacker teased her and tried to sell her Twitter account on a hackers forum.   She was able to finally take back control of her accounts after a very stressful ordeal.

This could happen to any of us.   So, how can you make your social media and other account more secure?

Twitter and other social media services offer verification logins.    That means if try to log on from an unfamiliar IP address, the service will send a code via SMS to your mobile phone and you enter that code.  That way only you can log into your account.    Here’s more on Twitter’s verification logins and here.   You can enable this for both Google and Facebook.   For Google, it’s under Account -> Security -> 2-step verification.  For Facebook, it’s Account Settings -> Security -> Login Approval.  Twitter, it’s under Account -> Account Security -> Require a verification code when I sign in.   As soon as I read about Ruby’s ordeal,  I enabled this on my accounts.

It was minor inconvenience at first having to reset these accounts on my desktop, laptop, tablet, and mobile phones, but better to be safe than face an ordeal like Ruby’s.   There are also some issues if you want protect both your personal and organizational accounts, as the verification is one account per mobile phone number.

Every so often, it is a good idea to do security and privacy assessment of your Internet presence.  Tactical Technology as a terrific resource, Security in A Box, that helps you do a security tune-up for personal or organizational accounts. Privacy is also important.  Here are some best practices based on this infographic and the Me and My Shadow site from Tactical Technology.  The shadow site has a terrific tool box that helps you understand what pieces of your identity are being left online if you are using the Internet.

Have you done a security and privacy audit for your personal and nonprofit’s accounts?

11 Responses

  1. Tobie says:

    Thank you for this important information. How do you set this up for your LinkedIn account?

  2. Beth says:

    Tobie: Good question. I looked for it but I didn’t notice if they had it. I’ll ask around

  3. Beth, thanks for this post and the helpful instructions. I’ll share with my colleagues.

  4. Meg Garlinghouse says:

    We just posted some guidelines on how to add a new layer of security to your LinkedIn account:

  5. Timo Luege says:

    As someone who is travelling a lot internationally to developing countries I prefer the Google/Dropbox way of enhancing securing, i.e. through an app. The problem with verification by SMS is that it requires you to have access to your phone number, whereas verification via app only requires you to have access to your phone. This is an important distinction since SMS might not reach you at all when travelling in some countries or with so much delay that the code will have expired by the time you receive it. I also frequently put in local sim-cards when in another country and these obviously can’t receive the messages sent to my other phone number. However, in all these cases, I still have access to the hardware and can easily access services that require me to use an app for verification.

  6. Beth says:

    Timo: I have the same problem, but I always purchase a $10 international texting package so I can get SMS cheaply. Google offers you the ability to generate codes and keep handy in case you don’t have access to your phone – and also prompts you to add a second phone number that you can get the code by SMS for voice call. Not perfect!

  7. […] Are Your Social Media and Other Accounts Secure? [Beth’s Blog] […]

  8. There’s also the issue of being based outside North America and not having your mobile number be supported…so there is a two-class system where North American users can have enhanced security, but not others. Think I’m making this up? I have added two-step verification to my services (thanks to this article), but Twitter tells me that my service provider is not yet supported even though it is a major international player in telecoms and the former national phone company!

  9. […] Are Your Social Media and Other Accounts Secure? Here are a few things you can do to help secure your social media accounts. By Beth Kanter […]

  10. […] Post: Are Your Social Media and Other Accounts Secure? – A few days ago, I noticed that my long-time nonprofit technology colleague, Ruby Sinreich, […]