
Two-step: how to avoid having your social media hacked

The cyber war is here, and social media is on the front line. Improve your chances of keeping your Facebook, Twitter and Instagram accounts safe with this super simple tip: two-step authentication.

Boring? Possibly. Important? Absolutely.

What’s the problem?

I’ve noticed an increase in the number of friends of mine on social media who are being hacked, so here’s my top tip for preventing it: set up two-step authentication (also called two-factor authentication). Here’s a quick rundown of what two-factor auth is, why it works, and how to get set up quickly. For instructions, jump to the bottom of this article.

What is two-step auth?

Normally when you log in to a social media platform (for example, Twitter) you use a password to prove you have the right to access the account. This is a one-step login. Passwords are pretty easy for hackers to break, which lets them into your account (even if you change your password relatively often).

Two-step is where we add another… step ;). You still use your regular password as the first login step, but then you use your phone or another device to confirm that you are the real account holder. Hackers can sit in a coffee shop and grab every password that your computer sends over the wifi, so if you’re not protected by an additional layer of security it is almost inevitable that your account will be compromised at some point.

Why it works

Passwords are easy to break, and if a system has been hacked the attackers can usually access the passwords of all its users, so if you’re relying on just using your password and updating it regularly… well, let’s just say that’s a bad idea.

When you’ve set up an additional security step such as two-step authentication, you simply log in as normal to Facebook, YouTube, Twitter etc., and then wait for a verification text with a code to confirm that you are who you say you are.

Two-step works because it’s much harder for the hackers to trick the system and to grab the information that goes to your phone for verification, and the information changes every few minutes (unlike your password).
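To make this concrete, here is an added example (not from the original article, and not any platform's real code) of the server side of a password-plus-texted-code login. The class name, the five-minute code lifetime and the five-guess limit are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300      # assumed code lifetime in seconds ("every few minutes")
MAX_ATTEMPTS = 5    # assumed number of wrong guesses allowed per code

class TwoStepLogin:
    """Toy server side of a password + texted-code login (constructed example)."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.users = {}     # username -> (salt, password hash)
        self.pending = {}   # username -> [code, expires_at, attempts_left]

    def _hash(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, user, password):
        salt = secrets.token_bytes(16)
        self.users[user] = (salt, self._hash(password, salt))

    def step_one(self, user, password):
        """Check the password; on success return the code that would be texted."""
        rec = self.users.get(user)
        ok = rec is not None and hmac.compare_digest(rec[1], self._hash(password, rec[0]))
        if not ok:
            return None
        code = f"{secrets.randbelow(10**6):06d}"    # fresh random 6-digit code
        self.pending[user] = [code, self.clock() + CODE_TTL, MAX_ATTEMPTS]
        return code

    def step_two(self, user, submitted):
        """Accept the code only if it is current, unused and within the guess limit."""
        entry = self.pending.get(user)
        if entry is None:
            return False
        code, expires_at, attempts_left = entry
        if self.clock() > expires_at or attempts_left <= 0:
            del self.pending[user]              # expired or guessed too often
            return False
        if hmac.compare_digest(code.encode(), submitted.encode()):
            del self.pending[user]              # single use: a replayed code fails
            return True
        entry[2] -= 1
        return False
```

A stolen password only gets an attacker through `step_one`; without the phone they are left guessing a code that expires, works once and locks out after a few wrong tries.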

It isn’t perfect

The problem is that security is directly opposed to usability: if a site were completely secure, you wouldn’t be able to access it over the internet. But this doesn’t mean we should opt for the easiest path – we need to balance security with usability. Although two-step authentication does add an additional step and takes a couple of minutes to set up, most sites allow you to save the browser, so that if you’re on your laptop you don’t have to go through the second step on every login for a set amount of time (for example two weeks).

Isn’t it worth the small upfront effort to protect yourself and those around you?

How do I get set up?

The process of getting set up with two-factor authentication is similar across most social media platforms, so I’ll just outline a couple below.

How to set up two-step auth on Facebook

It’s best to approach these steps on your own private internet connection at home, rather than in a coffee shop or over public wifi.

  • Log in to your account as per usual. This can be on the website or via the mobile app.
  • Desktop: click the down arrow in the top right corner and click settings towards the bottom of the dropdown that appears.
  • Mobile: press the three bar ‘hamburger’, and scroll down to settings, and when you’ve pressed that, hit account settings.
  • Click / press security and login.
  • Look for Use two-factor authentication.
  • There are a number of options here, but the simplest is to add your phone number for SMS verification.

When you’ve added your number, it’s worth logging out to check it works, or trying to log in on another device to ensure this is as expected.

How to set up two-step auth on Twitter

Twitter’s security settings are a little less obvious, but it’s a similar process:

  • Log in as usual
  • Desktop: click on the small avatar (profile image) in the top right corner, then click settings and privacy
  • Mobile: press your avatar in the top of the app, then press settings and privacy
  • Now hit account.
  • Desktop: review your authentication methods and follow the instructions for login verification
  • Mobile: press security and follow the instructions for login verification

Again, once you’ve added two-step auth I’d advise logging out and back in to check it all works. If you want to set up two-step on Instagram, Pinterest or other platforms, the process should be very similar.

That’s it! 🙂

I hope this has been helpful, and if you have other ideas and tips, or want to share / vent about your hacking experiences, drop me a comment below!