How to secure your accounts

One thing first: For those who have neither the time nor the motivation to check and correct the security settings of their social media accounts in detail, we recommend at least two-factor authentication (2FA). It combines the user's own secure password, the only one used for this purpose (!), with another security function - for example, a code sent via SMS or generated by app, or a physical key. Anyone who wants to crack the account therefore needs the password plus an addition that the user sets himself. It is unlikely that an attacker will have both at his disposal, and it will withstand initial attacks.

Sophos has summarized the most important settings for more security on Instagram, Facebook and Twitter:

Security for Instagram

Generally, it is better to use the Insta app instead of logging in via browser. The 2FA setup requires a few steps, so here is a brief guide:

1. Logging in to the profile (via app)
2. Go to the profile settings (the person silhouette icon at the bottom right).
3. Open the dop-down menu at the top right and click "Settings".
4. Scroll down to Privacy and Security and open.
5. Under security you will find the two-factor authentication.
6. Instagram offers a choice of methods: text-based 2FA and app-based. The latter is recommended.
7. Choose between text message and authentication app: safer is the latter. Digression: You need to install a free app like Google Authenticator or Duo Mobile App to complete the initial 2FA setup on Insta. Do not uninstall the app, you will need it to log in to Insta after this process.
8. Continue with the 2FA: After clicking on "Authentication app" you will be prompted that Insta now automatically works with it, so just click "Yes".
9. The phone will now switch to the authentication app to verify the Insta username settings. "Yes" click. Now comes a 6-digit code. Remember or copy this, switch to Insta and enter it as the "Confirmation Code". Instagram then confirms that the app-based 2FA is set up.
10. Almost done: The next step is a recovery code, useful in case of cell phone loss, for example. Problem: in the wrong hands, this code can undermine 2FA protection, so keep it safely hidden.
11. Once 2FA authentication is set up, Instagram sends another confirmation email. Done!

Security for Facebook

As a general rule, a secure password is the first important step.

2FA: Facebook guides you well through the individual process steps. It is recommended not to identify yourself via text message (easiest way, but not as secure), but with a code via authentication app (a bit more setup work). The network also supports U2F keys like YubiKey, for those who mainly use Facebook with a PC.

1. Desktop Setup: Settings -> Security and Login -> Click Two-Factor Authentication, Edit and Start.

2. App Setup: Open Privacy Shortcuts from the dop-down menu below -> Account Security -> tap "Use Two-Factor Authentication" -> choose between SMS and Authentication App (the latter recommended).

Login notifications: If someone wants to log into your Facebook account, you can set the system to send a hint.

1. Desktop Setup: Settings -> Security and Loginà Click Extra Security, Edit and "Get alerts about unauthorized logins". Select the way of the alert.

2. App Setup: Open Privacy Shortcuts from the dop-down menu at the bottom -> Account Security -> Click "Get notifications about unauthorized logins".

Check connected apps: When using Facebook, it is best to only connect apps to Facebook that you really need. Therefore, a short check with a cleanup is recommended:

1. Desktop check: Settings -> Apps and websites, now clean out the non-active ones with the app trash bag in hand

2. App check: Open settings from the dop-down menu at the bottom -> Security -> Apps and websitesà "Logged in using Facebook" -> remove the inactive ones here.

Minimize the risk of fake friends profiles or malicious links on the wall: It makes sense to limit who you can be contacted or found by, or even see your email and phone number. The recommendation: "Friends of friends".

1. Desktop setup: Settings -> Privacy -> Set preferences on how people are allowed to find and contact you.

2. App setup: Settings from "Dop Down" menu -> Privacy -> Settings -> limit who can contact, when and how.

Locked out? Set backup friends to help: Three to five "trusted contacts" can be designated to regain control of their account (for example, if the account is hacked and now no log-in is possible).

1. Desktop Setup: Settings -> Security and Login -> Settings Extra Security -> "Choose 3 to 5 friends...", then follow the instructions.

2. App Setup: Open Settings from the dop-down menu at the bottom -> Security -> Security and Login -> Settings Extra Security -> "Choose 3 to 5 friends..."

Face recognition: If you don't want Facebook to actively find you and identify you in photos, you can also turn off facial recognition:

1. Desktop Setup: Settings -> Face detection -> No

2. App Setup: Open settings from the dop-down menu at the bottom -> Privacy -> Face recognition -> No

 But: If you want other users not to tag you in photos, you need to set the following:

1. Desktop Setup: Settings -> Timeline and Tagging -> click "On" for both options in the reviews.

2. App Setup: Settings in "Dop Down" menu -> Privacy -> Timeline and Tagging -> scroll down to Review and select "On" for both.

Only friends should see your posts, that is, the people you approve of your network and not just anyone.

1. Desktop Setup: Settings -> Privacy -> Your Activity -> "Who can see your activity", click on Friends and on "Limit past posts" as well.

2. App Setup: Settings under the "Dop Down" menu -> Privacy -> Settings -> Your Activity -> as above for Desktop.

Security for Twitter

Once Instagram and Facebook are done, Twitter should be set securely as well. That won't take five minutes.

2FA: Login -> Profile Icon -> Settings and Privacy -> Login Verification (that's what Twitter calls 2FA). Twitter starts the setup with an SMS, but once you've enabled 2FA, you can also use a physical key or mobile authentication app.

Twitter's open discussion platform is both a blessing and a curse, but there is a good way to protect yourself from spammers and their malware links:

1. Check who can contact you via Direct Message or via public Reply. How to do it: Settingsà Privacy and Security (left side menu) -> De-select "Receive Direct Messages from Everyone".
2. Enable Twitter Quality Filter: Settings -> Select Notifications -> Advanced Settings: Quality Filter
3. Additional settings can be made in the settings, such as mute notification of people without a complete profile.
4. If you want to have control over who reads your tweets, you can show them only to those you have allowed to follow: Settings -> Privacy and Security -> Tweet Privacy -> "Protect your Tweets", this check mark can be changed again at any time.

Check apps connected to Twitter. Was Twitter set up a long time ago? Then it is high time to get rid of the useless apps that you needed to have full access to Twitter back then: Settingsà Apps and Devicesà go through the listing of apps and delete them mercilessly.

The most important rule of all: nothing disappears on the Internet. You should be aware of this with every post, every tweet and every picture, and publish them carefully.

More detailed instructions including screenshots are available from Maria Varmazis on Nacked Security compiled for:

• Instagram
• Facebook
• Twitter