It happens. A LOT. LinkedIn yesterday, Twitter before that, and Facebook way before that. Social media profiles have become the target of social media hackers who use that data to further spread their maliciousness or gain access to your more sensitive data (more about that in a bit).
So what’s a social media addict to do? Be smart about your password security.
Password Security Best Practices for Your Social Media Profiles
The trouble with using the same password for multiple sites is that when one password gets compromised, you have now given the hackers access to more than just your social media profile.
Hackers get access to higher-level passwords by targeting less secure password data. So that favorite password you use for all your social media profiles could be the key a hacker needs to unlock your online banking, for example.
#1: One Site, One Password – Yes, it’s a bit of a hassle to have different passwords for EVERY site you use, but it’s the best way to limit your exposure if (and probably when) a particular site you use gets hacked.
#2: Change Passwords Regularly – Again, this one is a bit of a hassle, so if you don’t want to change your password for every single site, that’s fine, but please change the critical ones, like your online banking, as well as your passwords for the major social media sites, like Facebook, Twitter, LinkedIn and Google+.
#3: No Names, No Real Words – Your favorite sports team, pet names, or any other real words are a HUGE no-no! If it doesn’t look like a random string of characters, then it’s not secure. Thankfully, a lot of sites now rank your password choice – heed their warning if it says it’s too easy!
#4: Use a Password Keeper – The best way to avoid the temptation to use easy-to-remember (also known as easy-to-hack) passwords is to use a password keeper with a built-in password generator (check out this password manager video for recommendations).
#5: Manage Password Access – If you need to share passwords with team members, use a password management system to handle granting and revoking access. Whenever possible, issue users their own unique password or treat it like a library system where users check out and check in passwords (meaning you change it after they no longer need access).
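To make rules #1, #3 and #4 concrete, here is a small audit script added as an example (it is not from the original post). The vault entries, site names and word list are constructed for illustration; a real check would read your password manager's export and use a full dictionary and names list.

```python
import hashlib
import secrets
import string
from collections import defaultdict

# Constructed sample vault export: (site, password). Not real credentials.
VAULT = [
    ("facebook.example", "Broncos2012"),
    ("twitter.example", "Broncos2012"),
    ("linkedin.example", "fluffy"),
    ("bank.example", "q7#Vd2!mZp0xLr9T"),
]
# Small constructed word list standing in for a real dictionary / names list.
WORDS = {"broncos", "fluffy", "password", "letmein"}

def fingerprint(password):
    # In-memory grouping key only, so the report never holds plaintext.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def find_reuse(vault):
    """Rule #1: return groups of sites that share one password."""
    groups = defaultdict(list)
    for site, pw in vault:
        groups[fingerprint(pw)].append(site)
    return sorted(sorted(sites) for sites in groups.values() if len(sites) > 1)

def contains_word(password, words=WORDS):
    """Rule #3: True if any listed name or word appears in the password."""
    lowered = password.lower()
    return any(word in lowered for word in words)

def generate(length=20):
    """Rule #4: random password drawn from the OS cryptographic RNG."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))

def audit(vault):
    reused = {site for group in find_reuse(vault) for site in group}
    report = {}
    for site, pw in vault:
        checks = (("reused", site in reused), ("real word", contains_word(pw)))
        issues = [label for label, hit in checks if hit]
        if issues:
            report[site] = issues
    return report

if __name__ == "__main__":
    for site, issues in audit(VAULT).items():
        print(f"{site}: {', '.join(issues)} -> replace with {generate()}")
```

Only the bank entry passes: it is unique and contains no listed word, while the shared social media password fails both checks.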
When in doubt, go with the old adage, “It’s better SAFE than SORRY.”