When was the last time you changed your Facebook password? If you’re like many of us, you probably can’t even remember. Facebook won’t prompt you to make a change, and its two-factor authentication is strictly optional. The same goes for Twitter. LinkedIn is a bit more aggressive in that area, but it, too, makes the feature optional.
We tend not think of our social media accounts as important points of vulnerability because we don’t store payment information there. But think again. Recent hacks of McAfee’s LinkedIn account and McDonald’s Twitter account show how easy it is for even big companies to be compromised. Facebook co-founder Mark Zuckerberg’s social network accounts were hacked last year. It can happen to companies of any size and it can happen to individuals, too.
Consider what a malicious person with access to your social accounts could do:
- Impersonate you and post content that embarrasses you and alienates friends and colleagues;
- Access personal settings to look up information like addresses and phone numbers that you share only with your closest friends, opening the door to identity theft;
- Access content, such as photos and videos, that you share only with close friends or family members;
- Log in to the myriad of services that use Oauth, the popular single sign-on method used by thousands of other websites;
- Once signed in on those services, repeat the mischief elsewhere;
- Change the password to your social network accounts, forcing you to go through the painful process of contacting and verifying your identity to each of those operators;
- Monitor your travel activity to look for opportunities to break into your home or business;
- In the case of Google, make payments using Google Pay.
Do you need any other incentive to safeguard your social network passwords? All the major social networks now offer two-factor authentication. Our advice is to use it. The extra step may take a few seconds, but consider the trouble you may be saving yourself.