Keep It On Lock: Securing Your Social Media Accounts

I've been managing social media accounts for almost 10 years now (whoa!), and I've seen so many accounts get hacked (still a major yikes to the instance in that link), lose passwords, or get held hostage by a previous employee who has no interest in handing the account back over to the original owner. It happens far too often to brands both big and small, and most times it can be prevented.

This list is pretty detailed, but I'm jumping straight to the chase and highlighting the best ways to keep your account secure regardless of the number of people you have managing them. 🔐


Update your password when a person leaves your organization

I really can't say this enough, so I'm highlighting it first: change your password each and every time a person exits your company, regardless of whether the person left on great terms. Since you never know how a person really feels deep down, they could go on a defamation spree that could easily turn into a huge PR nightmare for your brand.

Even if your ex-social media manager doesn't have that temperament, you never know who may have access to her phone and computer in order to make posts on behalf of your brand.

Also, take a moment to remove the individual from any platforms she may have access to such as Facebook Business Manager or Buffer.



Think twice about who you give direct access to

Does your supervisor's teenage daughter who is shadowing you for three weeks really need your brand's Instagram password? The answer is always no.

If you're working with temporary employees on a regular basis, consider using a social media management platform like Sprout Social or Hootsuite instead of giving out your social passwords. If you need them to go live on Facebook, Instagram, or Snapchat on occasion, consider investing in a spare phone. It costs less than having to start your accounts over if someone runs off with them.

When using Facebook Business Manager, reconsider giving every member of your organization an Admin role. Think about what they're actually using Facebook for and see if the Editor or Moderator roles fit better.

Even if you work with select individuals on a daily basis, they may not actually need access to your accounts. Don't give it out to everyone like free samples at the mall.

Think twice about giving admin access out!



Create a master email address (and keep it private)

Use a master email address on your company's domain that will host all of your accounts. It could be something as simple as This way you'll never find yourself asking "Whose email address is this account under?" each time you have to log into a platform. This will come in handy if a person leaves your organization but forgets to switch their permissions over to you.


Keep your passwords in a secure place

Storing your brand's passwords in a Google Sheet that can easily be shared or hacked is not a good idea. Consider using a program like 1Password or LastPass to keep all of your passwords in a secure place.

1Password is a great program to help you keep all your passwords safe.



Change your passwords every so often

Having the same password for years isn't safe, which is why most companies make us change them every couple of months or so. Consider revamping your passwords at the end of every quarter. Make sure they are somewhat lengthy and have an uppercase character, a number, and a symbol! 🔠


Keep track of what apps and sites have access to your accounts

It's so easy to log in via Facebook on our favorite sites and apps, but you shouldn't be so quick to do it with every place in cyberspace.

Take a moment to keep track of the apps you use to log in to sites. For example, you can see a complete list of the apps that can access your Twitter account by logging in and going to Settings and privacy > Apps. You may be surprised by the number of companies that have read and write access. Instagram does it too on their Manage Access page. Managing this now will come in handy when popular platforms, like Timehop, have data breaches.

I don't even have a Droid...


Clear your devices before donating or selling them

If you're preparing to sell your Mac, iPad, or iPhone (you see who I'm loyal to), wipe your devices before doing so. The last thing you want is to literally hand access to your social media accounts over to a stranger.

If you happen to lose one of those devices, change your passwords immediately.


Turn on two-step verification

Most of us hate when we log into an account and it makes us send a code to our cell phone for verification. However, those who have been hacked probably wish that worked when it was supposed to.

Consider turning two-step verification on for any accounts you manage. On Instagram, you'll be given a set of backup codes to save to your camera roll in order to get you back into your account if you can't get a security code by text for any reason.

Yesterday, Instagram announced that they're working on a non-SMS way to keep your accounts extra secure.

This is what Two-Factor Authentication looks like on Instagram.




If your company has multiple locations or departments, let employees know that they cannot create additional accounts with your brand name or logo. If they ask why, say it's for security, branding, and PR reasons.

What are your tips for keeping your social accounts secure? Anything I forgot to mention? Let me know in the comments!