As I was looking through the “Bizarre and Random Holidays” I noticed that May 5, 2016 was National Password Day. I chuckled to myself picturing a party around that holiday. I mean, who creates these bizarre and mostly irrelevant holidays? Who is the keeper of that gate that opens just once a year? I don’t know that I throw a party around social media passwords, but I know can talk about them whenever I want.
When we begin managing social media accounts and website content for clients, I am always amazed at how many have no idea what their passwords are or who has access to them. There are often multiple accounts set up because someone couldn’t remember the password, or who set it up to recover it, so they just create a new account and leave the old one out there like an abandoned gas station in a ghost town.
Social media channels and websites are a huge part of your brand. You cannot afford to have someone have access who shouldn’t, or to let them shrivel and die out in the abandoned account wilderness, where people will stumble upon it and think you are out of business. Here are 4 beefy tips to help you wrangle those wild passwords:
Create unique passwords
We’ve all heard it—some of the most popular passwords are PASSWORD, 123456, and LETMEIN.
Because you need a different password for each website, social media channel, and account you have, one tip would be to come up with a unique word of phrase, like “FLYINGMONKEYS” and then add a number to that, “88FLYINGMONKEYS” (which now has the making of a nightmare or a classic movie) and for each site you are setting up, take the first and last letters. So, for Facebook, you might have F88flyingmonkeysk, or Fk88flyingmonkeys. Because you only have to remember the 88 creepy monkeys, it is easier. Each year you simply change your single unique word or phrase. If you want to add one more layer, add a symbol to separate your weird phrase and your account initials. Then you might have, F*88flyingmonkeys*k. As long as this is, it is highly secure and, believe it or not, easy to remember.
Create a single document that contains all of your social and digital accounts and the login credentials for each.
Keep this filed in a secure area, whether that is in a specific Dropbox folder that you keep secured, a password protected notebook in a program like Evernote, or in a locked file cabinet. In business, there should be at least one other person who has access to this information in case something happens on an account and you are out of the country, passed out on a beach somewhere.
Consider doing this for your personal accounts as well as letting one other person know about it, in case something happens to you, someone can log in and close your accounts. Not much creepier than getting multiple LinkedIn requests from someone you know, who has passed away. You just may not be ready to link-up with them now. (Read our post on CREATING A DIGITAL WILL)
Build a second wall of security for your highly sensitive accounts.
Logins for your website, your bank accounts or even some of your social channels, might be good candidates for 2-step authentication (the site sends a code or notice to your phone for you to authenticate). If you use Chromes password keeper, then Google has all of your passwords and you would want to have your Google account set up with the 2-step authorization. Since we always seem to have our mobile phones nearby, this isn’t as inconvenient as many think. HOWEVER, if you have someone besides yourself managing your social accounts, every time they need to log in a code is going to be sent to you. You will only have a short period of time to get the code to them and this is a nightmare when you are trying to get work done from a social media manager’s standpoint. So this is why it might be good only for highly sensitive accounts.
Understand which social networks require a single password versus manager or admin status.
Twitter, Instagram, Pinterest all use a single login, so the person or people managing your social channels would need the password. Versus, Facebook Business Pages, LinkedIn Business Pages and Google+ Business Pages or Google My Business, you do not give a password, but instead, you make someone an admin or manager. They login with their own personal profile and access the account from there. This causes fear for many since they assume if they are logging in with their personal profile, the business pages can see their personal updates, which is not the case. There are great security reasons to follow this process, one being it is the correct way that these companies want you using them. Two, they are able to track who performs each task when logged in. For example, if I log into a client’s business page on Monday to remove an employee who is no longer there, Facebook logs “Gina Schreck removed so and so on Monday.” You have record of it. If we all use the same login credentials, you do not know.
(If you need help setting up a Facebook page correctly or fixing the one you have, download our Facebook Guidebook, created just for this.)
I’m not sure why companies feel it is ok to give everyone and their nephew their social media passwords, but these accounts are a direct reflection of your brand and its reputation, and should be guarded more carefully. If someone leaves your organization and had your passwords, take the time to change them all and update your password document.
So don’t wait until next May to get your passwords in order, take some action today to keep your web presence safe and secure. Share your comments and questions on this topic with us below. I’d love to hear from you.
If you’re tired of beating your head against the wall,
DOWNLOAD OUR PASSWORD KEEPER and TIPS