The Ultimate Guide to Secure Your Social Media Account
How would you feel about a complete stranger knowing intimate details about your life? How about your bank details? Well, the intimate details that you and millions of others upload to social media accounts every day may not be as secure as you think.
Scams are often inventively disguised to hack your details or cause you to download vicious malware, such as links to “Win an iPad!”, private messages from hacked friends with suspicious links, or fake celebrity sex tapes. So tighten your security, keep your personal details safe and avoid scams with this advice.
Social media account security starts with your password. This is often neglected as you can see from this list of most used passwords of 2012. A strong password contains a mixture of lower case and capital letters, numbers and punctuation. Avoid using personal information such as birthdays, family or pet names, numbers in a pattern, and especially the word “password”. Once you’ve chosen your password, consider using the Bitdefender Wallet feature, part of the new Bitdefender antivirus, which safely manages and stores passwords. Finally, ensure the email address you log in with has a secure password too. A bullet-proof password for Facebook is useless if the password for the associated email is the name of your dog.
Facebook has useful security features in the Security Settings section. Here’s a summary for how and why to use the features in each tab:
- Secure Browsing: Select “Browse Facebook on a secure connection (https) when possible” in order to prevent snooping if you’re browsing on an unsecure Wi-Fi.
- Login Notifications: Choose to be notified by text and/or email whenever your account is accessed through a computer or mobile device you’ve never used before. This is a good way to be aware or any hackers.
- Login Approvals: The “Require a security code to access my account from unknown browsers” option means that, when logging in from an unknown device for the first time, you need a security code that will be sent to your phone (either through text or the mobile Facebook app). Access to your account requires both your account password and your phone, immediately doubling the strength of your access security.
- Code Generator: Enable the code generator through the Facebook mobile app for easy use of the randomly generated codes needed for Login Approvals. The Code Generator is a useful tool or Login Approvals, resetting your password or attaching security codes to third party apps.
- App Passwords: Attach passwords to Facebook and third-party apps. For additional security, consider also attaching security codes through the Code Generator (see above).
- Trusted Contacts: Add trusted contacts who can help retrieve your account if you have problems with your password.
- Recognized Devices: View or remove registered devices.
- Active Sessions: This feature lets you see a list of when and where you have logged in from and the ability to end any session remotely.
- Mobile: For increased protection, consider linking your mobile number to your account.
- Consider how private to make the personal information you put on Facebook and follow a guide to controlling the privacy settings on Facebook.. Bear in mind that anything you make “Public” could be found using a search engine, so up your privacy unless you want those holiday photos of you and your friends in matching mankinis floating around Google.
- Watch out for spammy links sent by companies and friends that could potentially damage your computer. If in doubt, use Bitdefender Safego, a free tool which secures your Facebook andscans links for threats.
- The public nature of Twitter makes privacy more difficult to control, so consider the risks before sharing your location or sensitive information such as your address and bank details. Tweeting your location (or putting it on FourSquare for that matter) doesn’t just tell people where you are. It also tells criminals where you aren’t: at home.
- Login verification ensures that you are the only one accessing your account by sending a verification code to your phone. This means that only someone with access to your phone and your password can get into your account.
Authentic Twitter accounts always use twitter.com as the base domain, so check the address bar to ensure you are not being scammed into entering your login details to a fake site.
- Be wary of phishing. Phishing is an attempt by an outside source to gain personal details such as usernames and passwords, often through a direct message which contains a link. The message often aks you to confirm your details through a site very similar to the authentic one, so be cautious of links in direct messages. Use Bitdefender TrafficLight to scan links for malware before you open them.
- For more about Twitter, see our Twitter tips from a specialist. You can also find on the Internet several ways to make your Twitter account more secure.
- All information you put on Pinterest is immediately and totally public. Luckily, a setting hides your boards from search engines. Under the Visibility section of the settings, select “Hide your Pinterest profile from search engines” to conceal your fluffy little kittens board from anyone Googling your name.
- Pinterest has raised some copyright issues especially for commercial use. An article in Mashable sheds light on the issues they face around the image-sharing capacity of Pinterest. This doesn’t mean you should avoid Pinterest entirely, even if you are a corporation, but do exercise caution when claiming to own anything on the site. If you don’t know where something comes from, disclose that you don’t know or use a tool like TinEye (a reverse image search engine) to locate its origins.
- Until a year ago, there was no Android app for Pinterest, and many fake apps wreak havoc with malware and scams. Make sure the app you download is the real deal.
- Luckily, when you delete any data, Google also deletes it from its servers, unlike some other social media sites. Google+ only uses an encrypted SSL connection, which essentially keeps your connection safe and secure.
- Despite this, Google+ faces its own security challenges. The greatest one perhaps is that anyone can follow you on Google+ without your consent, so it’s down to you to make your posts private and to change the privacy settings for your various circles. For details of how to change your privacy settings see this article on LifeHacker.
- Unchecking the “Help others find my profile in search results” in “Search Visibility” will prevent snoopers and search engines from easily finding your profile.
- As a professional network, LinkedIn may look like a more secure place for your personal information. However, the social network has vulnerabilities if it’s left unsecure. LinkedIn recently had a huge security breach that leaked more than 6.5 million passwords, and users are often targeted by cyber-criminals with malware and spam.
- The personal details you share on LinkedIn offer plenty of resources for social engineers and may be sold on the black market for identity theft and fraud, so consider limiting the information you share. Edit your public profile by unchecking the boxes of the sections you wish to remove from public visibility in ‘Customize Your Public Profile.’
- When adding new connections, be careful of fake profiles that may hide spammers and cyber-crooks who search for valuable data. Change your password regularly and keep it unique and hard to guess.
The social networks constantly have to adapt to new threats, so check the useful information on their websites. For extra tips and tricks, read Bitdefender’s HotForSecurity blog regularly to keep up to date with the latest ways to keep your social media safety top notch. Make sure you keep your antivirus updated, as it will protect you from spam, malware, fraud and phishing attacks on all social networks.
This article is based on the research and information provided courtesy of Tanisha BUTTERY, Bitdefender Social Media Intern.
All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.