For privacy-minded people, securing social media accounts presents a tricky trade-off between maintaining online relationships with friends and family, customers and colleagues, and controlling what personal information is available to the wider world.
Facebook, LinkedIn, Instagram, and other social media continue to be some of the most frequent targets of major data piracy. And yet using these tools is increasingly a business and social requirement. Managing these accounts can be complicated, and many are abandoned rather than deactivated, heightening the potential for misuse.
Below we list a few best practices, both for people who are active on social media and for those looking to limit and clean up the data trail of years of online activity.
1. Use very strong passwords, and don’t use similar passwords across social accounts
The bare minimum should be 10-12-character strings using a mix of letters, numbers, and symbols. One popular mnemonic device is to use a memorable sentence as the underlying basis for the string.
Example: “Four score and seven years ago…” = 4score&7ya
2. Use two-factor authentication (2FA) for logins
This should be a standard practice with any online accounts, but is most important for things like social media, banking, and any work-related areas. Here’s a helpful list of ways to enable this feature across a range of social media sites.
The most common form of two-factor authentication is for an account to send a text message to your phone with a 5-6 digit confirmation code. This is considered acceptable for most general-use sites, but for things like online banking, or anything enabling online payments, you should be using additional security measures, because text messages offer a lower level of security.
3. Disable location sharing
Facebook, Twitter, and a few other sites are capable of broadcasting your current location even when you’re not actively using the platforms. Turning this off often requires changing settings on both the desktop app and your personal devices. Instructions on how to disable Facebook location tracking are located here, and the same for Twitter are here.
4. Disable legacy permissions
Longtime users of platforms like Facebook may have spent years approving 3rd-party access to their profile and account, only for those 3rd parties to have gone out of business or changed ownership. It is highly recommended to periodically check both Google and Facebook account app permissions, and delete any you are no longer actively using.
To clear legacy permissions from your Google account:
- log in to your Google account
- go to https://myaccount.google.com/permissions
- select each service individually and click “Remove Access” as needed
- You can always renew access the next time you log into those other services.
To clear legacy permissions from your Facebook account:
- log in to your Facebook account
- click the down-facing arrow next to the (?) symbol in the upper right corner of your home page, and select “settings”
- on the left sidebar of the settings page, select “Apps and websites”
- select each service individually to change its status
5. Delete old email addresses and any inactive social media accounts
One common method of identity theft is for thieves to hijack unused email accounts that may still have associated authorizations. You can quickly check if past addresses are defunct by checking them here. If an address comes back “Invalid”, then the account is deleted.
Below are instructions for manually deleting legacy AOL, Hotmail, or Yahoo accounts:
AOL & Yahoo
With both sites now owned by Verizon Media, they share a similar basic account deletion procedure:
- log in to your account
- go to either https://yahoo.mydashboard.oath.com/delete-my-account or https://aol.mydashboard.oath.com/delete-my-account
- re-enter the specific account address you want deleted, and click “continue to delete my account”
Hotmail
- Go to https://account.microsoft.com/account/Account and log in.
- Click on the Security tab at the top of the page.
- Go to More Security Options > Explore.
- Scroll to the bottom of the page and click on Close My Account.
Google
- log in to your Google account
- go to https://myaccount.google.com/data-and-personalization
- scroll down to “Download, delete, or make a plan for your data” and select “Delete a service or your account.”
- select “Delete a service” on the next page
- you will need to log in again to verify your account
- select the trash icon next to any accounts you want to delete
- you will need to tell Google where to send a verification email (whatever email account you currently still use); go to that email in your inbox and confirm account deletion
6. Limit Facebook interactions to known friends. Protect Tweets
For people with little interest in maintaining public profiles, it’s best to simply restrict social media use exclusively to your circle of friends and associates. Here are instructions for making both Facebook and Twitter accounts private.