NPI's Cascadia Advocate

Offering commentary and analysis from Washington, Oregon, and Idaho, The Cascadia Advocate is the Northwest Progressive Institute's unconventional perspective on world, national, and local politics.

Friday, September 9th, 2011

Safeguarding your social media accounts from hackers: Five essential guidelines

If you spend much time on Twit­ter, you may have noticed that one of NBC’s Twit­ter accounts was hacked ear­li­er today and used to dis­trib­ute false mes­sages about a ter­ror­ist attack in New York. Although NBC and Twit­ter quick­ly took action to take con­trol of the account back from the hack­ers,  the inci­dent still looks bad.

NBC is tak­ing it very seri­ous­ly — as they should. The net­work’s Bri­an Williams deliv­ered an on-air apol­o­gy dur­ing the news­cast tonight, and doubt­less NBC’s new media team is already assess­ing how to pre­vent this from hap­pen­ing again.

While they react to an embar­rass­ing breach, we’d like to encour­age all of our read­ers to be proac­tive in safe­guard­ing your social media accounts from hack­ers. Here are five steps you can take to strength­en your account security.

  1. Use a unique pass­word for your social media accounts. You should not be using the same pass­word for Face­book or Twit­ter that you use for email, or for online bank­ing. If some­body breaks into your email account, they have instant access to your Face­book account if you use the same pass­word. Your account is more secure if you use a dif­fer­ent password.
  2. Choose strong pass­words both for your social media accounts and for email. “mydogbailey12” is not a strong pass­word. A strong pass­word should not con­sist of any words that you could find in a stan­dard dic­tio­nary of any lan­guage (unless it’s a lan­guage you invent­ed). Instead, use acronyms that would be mean­ing­less to any­body except you. Mix in some num­bers and punc­tu­a­tion for a strong, hard-to-crack password.
  3. Always use HTTPS. HTTPS stands for Hyper­text Trans­fer Pro­to­col (HTTP) Secure. When you con­nect to a web­site using HTTPS, your con­nec­tion is encrypt­ed, reduc­ing the like­li­hood that some­body will be able to inter­cept sen­si­tive infor­ma­tion like your user­names and pass­words. Face­book and Twit­ter have HTTPS modes, but unfor­tu­nate­ly, they are not enabled by default. You have to turn them on in your account set­tings (see how by click­ing on the pre­ced­ing links). This is some­thing you can and should do right now! You can also install HTTPS Every­where if you’re a Fire­fox user. This exten­sion will force your brows­er to default to a secure con­nec­tion on many pop­u­lar web­sites, not just Face­book and Twit­ter.
  4. As a gen­er­al rule, do not log into your social media accounts from a shared com­put­er. You have no way of ver­i­fy­ing that a pub­lic or shared com­put­er is secure and free of mal­ware. HTTPS can pro­tect against man-in-the-mid­dle attacks, but if you’re the com­put­er you’re using is record­ing your key­strokes, HTTPS won’t save you from being unknow­ing­ly compromised.
  5. Think twice before autho­riz­ing a third-par­ty appli­ca­tion to access your social media accounts. For instance, time-wast­ing Face­book games like Mafia Wars are best avoid­ed alto­geth­er. If you do want to con­nect a game to your account, research its ori­gins and ver­i­fy that the game is cod­ed and dis­trib­uted by a legit­i­mate devel­op­er… before you grant it access.

Final­ly, an adden­dum to the third guide­line: If you pri­mar­i­ly post to Twit­ter or Face­book from a desk­top or mobile appli­ca­tion of some sort (Tweet­Deck, Echo­fon, Hoot­Suite, etc.) make sure those appli­ca­tions are send­ing and retriev­ing data over a secure con­nec­tion. If the appli­ca­tion you’re using does not sup­port HTTPS, find one that does. If you’re not sure, ask the developer.

If you fol­low the above guide­lines in addi­tion to mak­ing the secu­ri­ty of your devices a pri­or­i­ty (ensur­ing all of your com­put­ers have a fire­wall and antivirus suite installed, requir­ing pass­words after peri­ods of inac­tiv­i­ty, enabling remote wipe capa­bil­i­ty on your smart­phone, etc.) you’ll be bet­ter pro­tect­ed against hack­ing attempts.

Most peo­ple have no idea how unpro­tect­ed they are — take action to pro­tect your own social media accounts and make time to help oth­ers do the same.

Adjacent posts

  • Enjoyed what you just read? Make a donation

    Thank you for read­ing The Cas­ca­dia Advo­cate, the North­west Pro­gres­sive Insti­tute’s jour­nal of world, nation­al, and local politics.

    Found­ed in March of 2004, The Cas­ca­dia Advo­cate has been help­ing peo­ple through­out the Pacif­ic North­west and beyond make sense of cur­rent events with rig­or­ous analy­sis and thought-pro­vok­ing com­men­tary for more than fif­teen years. The Cas­ca­dia Advo­cate is fund­ed by read­ers like you and trust­ed spon­sors. We don’t run ads or pub­lish con­tent in exchange for money.

    Help us keep The Cas­ca­dia Advo­cate edi­to­ri­al­ly inde­pen­dent and freely avail­able to all by becom­ing a mem­ber of the North­west Pro­gres­sive Insti­tute today. Or make a dona­tion to sus­tain our essen­tial research and advo­ca­cy journalism.

    Your con­tri­bu­tion will allow us to con­tin­ue bring­ing you fea­tures like Last Week In Con­gress, live cov­er­age of events like Net­roots Nation or the Demo­c­ra­t­ic Nation­al Con­ven­tion, and reviews of books and doc­u­men­tary films.

    Become an NPI mem­ber Make a one-time donation


  1. HTTPS Every­where kept freez­ing my brows­er, so I unin­stalled it. Prob­lem solved. I use AVG and sev­er­al oth­er safe­guards, and am very care­ful where I click, and so I have nev­er suf­fered a mal­ware attack.

    # by ivan :: September 13th, 2011 at 11:26 AM
    • That’s weird. I’ve nev­er expe­ri­enced that problem. 

      It’s very pos­si­ble that it was due to a soft­ware con­flict. Soft­ware con­flicts are not uncom­mon, espe­cial­ly in Microsoft Win­dows. Anoth­er rea­son why I use Kubuntu. 🙂

      # by Andrew :: September 13th, 2011 at 5:05 PM
  2. I com­plete­ly agree that it is so impor­tant for every­one to under­stand and par­tic­i­pate in their own secu­ri­ty when online. And with the influx of devices, there is a unique oppor­tu­ni­ty for orga­ni­za­tions and users to eas­i­ly safe­guard them­selves with two-fac­tor authen­ti­ca­tion, which in some cas­es can be used on social net­works. At Syman­tec, we think that stay­ing safe online requires vig­i­lance and edu­ca­tion on the part of the user, so posts like this are very help­ful. Also, to your point on HTTPS: it absolute­ly needs to be turned on when­ev­er inputting per­son­al infor­ma­tion. Users should also look for the green address bar, which indi­cates extend­ed val­i­da­tion SSL (EV SSL), which under­goes the strictest vet­ting stan­dards on the Internet.

    # by Brendon Wilson :: September 14th, 2011 at 7:26 AM
  3. Great post I must say. Your guide­lines amount to fair­ly sim­ple advice, but they’re valu­able, con­sid­er­ing that peo­ple treat their own per­son­al online secu­ri­ty as an after­thought. Looks like you do won­der­ful work — I’ll be shar­ing this post with my friends.

    # by Meteireann :: October 1st, 2011 at 9:06 PM