This is the first post on my website and I want to kick things off with something near and dear to everyone’s heart: social media. Social media has ushered in a new era of swift communication where everything and everyone is connected. This raises the question: how can I protect myself and my identity in an increasingly connected world? Can people really use my social media to steal my bank, medical, and other personal information? In short, yes. Cybersecurity has become more complex as new devices like phones, TVs, watches, and even toilets (I’m not kidding, check this out) are now being connected to the internet.
This post requires zero prior cybersecurity knowledge. I’m going to keep this simple and easy to understand, because why complicate things? Here are some simple ways to secure your social media and why they’re important.
Why do I need to care about securing my social media?
Social media is heavily connected to your identity in modern society and there is significant overlap between your public accounts (Facebook, Twitter, etc.) and personal accounts like your bank and email. Don’t take my word for it though, think about examples of how social media is connected to other sensitive accounts in your own life. Almost everybody has at least a few accounts linked with their social profiles. Many people use the same username, password, or email for both their bank account and their social pages! Even if you don’t use the same password but you use the same username, it’s twice as easy to get into your account because a hacker only has to guess your password instead of guessing your username AND password. To give you a better perspective, many computers nowadays can guess billions of passwords a second. Do you still feel safe with your six character password? Consider the common scenario:
A malicious hacker browses through social media pages with the intent of breaking into someone’s personal accounts and they come across your Facebook/Instagram/Twitter page. Your username is cooldude24 and they decide to send a fake email to email@example.com (or Yahoo, iCloud, etc.) because most people reuse their usernames for multiple accounts. The email looks like it’s from Google themselves, asking you to enter your password to verify your login information so your account doesn’t get deactivated. You reply because you’re afraid of getting shut down and it looks legit. Now the hacker has the username and password to your email, which means they can log in. Just about every major bank (or ANY online account) has a password recovery option that sends an email to you so you can reset your password. Because they have access to your email, they reset your bank password, log in to your account, and lock you out of it. Do you see how one piece of information leads to another?
I’m a cybersecurity researcher, so speaking from experience in analyzing security breaches, trust me when I say that this is a mild example. If someone gets access to your social security number, you can be in far worse of a pickle than someone getting a few bucks from your bank account. Enough about why it’s important, let’s move on to simple things you can do.
Utilizing a Password Manager
Remembering tons of crazy long passwords and usernames for all the different sites we visit is unreasonable even for the greatest of memories. The great thing is we don’t have to anymore! A password manager is probably the top safety practice that you can employ to protect your accounts. A password manager will generate, store, and retrieve passwords for you so you don’t have to. The password manager will also encrypt your data so it will be nearly impossible for a hacker to retrieve any of your information. In the scenario above, a hacker would not be able to log in to your email or bank account if you used complex usernames and passwords generated by the password manager.
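To put numbers on the six-character password from earlier and on what a password manager generates instead, here is an added example (not part of the original post). It assumes one billion guesses per second, the low end of the "billions" figure above, and a 94-symbol printable alphabet; both are assumptions made for the illustration.

```python
import math
import secrets
import string

# Assumption: one billion guesses per second, the low end of the
# "billions of passwords a second" figure quoted in the post.
GUESSES_PER_SECOND = 1_000_000_000

# Assumption: letters, digits and punctuation, 94 symbols in total.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length=20, alphabet=ALPHABET):
    """Pick every character with the OS CSPRNG, as a password generator should."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet_size):
    """Bits of entropy of a uniformly random password."""
    return length * math.log2(alphabet_size)


def seconds_to_exhaust(length, alphabet_size, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every password of this length and alphabet."""
    return alphabet_size ** length / rate


def human(seconds):
    """Render a duration in the largest sensible unit."""
    for unit, size in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.2f} seconds"


if __name__ == "__main__":
    print("generated:", generate_password())
    for label, length, size in (("6 lowercase letters", 6, 26),
                                ("6 of any printable", 6, 94),
                                ("20 of any printable", 20, 94)):
        print(f"{label:22} {entropy_bits(length, size):6.1f} bits  "
              f"{human(seconds_to_exhaust(length, size))}")
```

These figures are the worst case for truly random passwords; a six-character password a person picked usually falls sooner, because common words and patterns are tried first.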
There are lots of free choices out there that will automatically generate secure passwords for you and store them for when you want to log in to a site. Many password managers have the ability to log in to sites for you so you don’t have to look up the password every time. As an added bonus they can keep track of your random usernames, PINs, security questions, credit cards, and much more so you don’t have to remember those either (which is great for me because I forget literally everything). I know what many of you are thinking: what if someone guesses the password to your password manager?
That leads us to our next topic: two-step verification.
I’m going to explain two-step verification with a simple real-life example. When you go to the DMV and finally get to the counter after 2 years, they ask you for two forms of identification. Why, you say? One reason is verifying you are who you really say you are. If someone picks up your lost ID (or steals it), they can’t make any decisions on your behalf by impersonating you. The second form of identification helps prevent fraud. The internet world uses the same concept. When you turn on two-step verification (also known as two-factor authentication) the website requires two forms of ID, namely your username/password combination and a code that is sent to your phone over text.
Going back to the first example in this post, if someone happens to get your username and password while two-step verification is active, they can’t log in to your account because they don’t ALSO have the code that was sent to your phone. In layman’s terms, some hacker on the other side of the world can’t get into your account, because they don’t have physical access to your phone. All major accounts including password managers, email, banks, insurance, medical, and social media sites support two-step verification so you should turn it on! Click here to see how to set up two-step verification on all your social accounts. Most of the embarrassing celebrity account hacks could have been avoided with two-step verification, just saying…
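For readers who want to see the site's side of two-step verification, here is an added example (not part of the original post and not any real site's code). The `TwoStepLogin` class, the five-minute code lifetime, the three-attempt limit, and the `outbox` list standing in for the text-message gateway are all assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300   # assumption: a texted code is valid for five minutes
MAX_CODE_ATTEMPTS = 3    # assumption: the code is discarded after three wrong tries


class TwoStepLogin:
    """Hypothetical single-account login: password first, texted code second."""

    def __init__(self, password, clock=time.time):
        self._salt = secrets.token_bytes(16)
        self._pw_hash = self._hash(password)
        self._clock = clock
        self._pending = None   # (code, expires_at, attempts_left)
        self.outbox = []       # stands in for the SMS gateway

    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 200_000)

    def start(self, password):
        """Step 1: check the password; on success text a fresh 6-digit code."""
        if not hmac.compare_digest(self._hash(password), self._pw_hash):
            return False
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending = (code, self._clock() + CODE_TTL_SECONDS, MAX_CODE_ATTEMPTS)
        self.outbox.append(code)
        return True

    def finish(self, submitted):
        """Step 2: the login only completes with the code from the phone."""
        if self._pending is None:
            return False
        code, expires_at, attempts_left = self._pending
        if self._clock() > expires_at:
            self._pending = None           # expired codes are thrown away
            return False
        if hmac.compare_digest(submitted.encode(), code.encode()):
            self._pending = None           # a code works exactly once
            return True
        attempts_left -= 1
        self._pending = (code, expires_at, attempts_left) if attempts_left else None
        return False
```

Knowing the password only gets as far as `start()`; `finish()` succeeds only for whoever can read the code that landed on the phone, and only once, within the time limit.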
Here are some other basic tips for securing your social media:
- Change your passwords regularly; with a password manager this is trivial. Have the password manager generate a new password for you every 3 months or so. This will make your account significantly more secure and will only take 45 seconds of your life.
- Sign out of accounts when you are finished using a shared computer. Many social media accounts are compromised because someone used your account while you were still logged in.
- If you are not using the account anymore, shut it down. This rule applies to many areas of life. If you don’t need it, don’t keep it.
- If you can, create a unique email just for your social media that’s not attached to any of your other accounts. Having a dedicated social media email prevents any overlap between your social accounts and your private accounts. As we saw earlier, using the same email for social media and your bank can have disastrous consequences.
- Go private. Unless you are a business, blog, or make a living from a public social page, there is no reason for your personal page to be public to the internet. Twitter, Instagram, Facebook, etc. give you the option to make your page private from the general public until you have accepted a friend request of some sort.
Hopefully these few tips help in your internet endeavors. It might seem irritating to get a text message every time you log in to your email or bank, but I can guarantee you it’s a lot less irritating than dealing with identity theft or fraud.