Reputation Basics Part 2: Security Checklist (Fiona Lucas)

Fiona Lucas

For basics on maintaining your online reputation, see Part 1:
Reputation Basics For Every Social Media Manager

This checklist is designed to help you improve your clients’ basic security across social media platforms.

General security basics

  • Do not use the same password for more than one account, EVER!
  • Change your passwords regularly (at least quarterly)
  • If 2FA (two-factor authentication) is available, use it
  • Do not share email addresses/accounts; if necessary, create a separate email address to use in a shared environment
  • For additional security, use a password manager such as Roboform, 1Password, or LastPass, which make it very easy to manage and update passwords as well as audit accounts for password duplication

Facebook security basics

It’s not just personal accounts that may be targeted; page admins are often targeted in attempts to access contacts and data. Making sure we do what we can to try and minimize the risk of a breach or hack is vital.

Facebook personal profiles

  • Use a unique password and don’t share it with anyone else
  • Make it easy to remember (see our tips at the end of this article)
  • Turn on two-factor authentication (see below)
  • Add a trusted friend or family member as a backup to help you should your account be compromised

Tip: Never accept messages asking you to provide a security number to help someone with a hacked account! These are attempts by hackers to access YOUR account, and the sender is not the person they purport to be.

Check your emails regularly to see if there have been attempts to reset your password. If you are using an email login such as Hotmail which you don’t regularly use for email, don’t forget to log in periodically to see if there has been activity.

Facebook will send a six-digit security number when someone is trying to reset your account. If you didn’t ask for it, make sure to click, “I didn’t request this,” and change the password on the account.

Setting up two-factor authentication on Facebook

Facebook app:

  • If you are on the Home tab, tap your small profile photo at the bottom right to open the menu
  • On the Menu page, tap the Settings gear at top right
  • Scroll to Security and tap Security and Login
  • Scroll to Two-factor authentication and tap Use two-factor authentication
  • Turn on

Facebook desktop:

  • Click on your small profile image to the right
  • Click on the Settings & privacy gear
  • Click on the Settings gear
  • Click on Security and login
  • Scroll to Two-factor authentication and turn on

Other 2FA tips:

  • You can use third-party authentication apps in addition to phone or email (Google Authenticator and Microsoft both have these)
  • You can also change your password under Security and login info
  • Check where you are logged in: you might find you still show a login from some public wifi you logged into. You can individually close out, or log out of all—however, you will then need to log back into your device.

Facebook page tips:

  • Have a backup admin in case you lose access to your account
  • Download your business page under Page Settings so you have a backup you can rebuild from in the event of a hack

Additional Facebook security resources:
Facebook Privacy Basics

Meta Business Manager security basics

  • In Business Manager, click on Business settings
  • Scroll to Brand Safety and verify your domains
  • Head to Security Center (under Payment Methods in the left menu)
  • Under Security Center, choose if only admins or everyone can turn on two-factor authentication, and make sure all your admins have protected their personal accounts (if you add an editor, manager, etc. to the account, it will show here if someone needs to add 2FA to their account)
  • Add a second admin if you don’t have one
  • You can also verify your business here. This is only required if you are submitting an API for an app. Sometimes it is tricky, as your brand and your business registration must match, especially if using a trading name. In Australia we don’t print the trading name anymore, so if you are a sole trader, it can be difficult to verify.

Instagram security basics

  • Create a unique, strong password (don’t use your Facebook password!)
  • Turn on two-factor authentication (click on the menu from your home page)
  • Tap on Security
  • Tap on Two-factor authentication and turn on
  • You can also access this on the web under Settings, privacy & security

Download a copy of your Instagram data

Instagram app:

  • Click on the menu
  • Choose Your activity
  • Scroll down to Download your information

Instagram desktop:

  • Go to
  • Log into your account
  • Click Settings
  • Click Privacy and security
  • Scroll to Data download and submit a request


Initially, most privacy settings on WhatsApp were automatic. But just before this post was due to be published, Mark Zuckerberg—possibly in response to recent scams on the app—has announced some new changes that will be coming soon.

Three new WhatsApp privacy features:

  • Leave groups silently (reminds me of Clubhouse)
  • Choose who can see when you are online
  • Screenshot blocking for “view once” messages

WhatsApp security basics

  • Enable Touch ID, Face ID, or Android Fingerprint to secure your account
  • Activate two-factor authentication
  • Work through the customization settings according to your needs.
  • Change your settings
  • Never be afraid to block users if you don’t know them or have a negative experience with them
  • Be wary of messages that look different to those you normally receive

Tip: Be wary of any requests for money, even from friends or family. Scammers gonna scam. Contact your family member or friend outside of the app or ask questions that only that person would know. I prefer asking separately, as needing help in my mind necessitates a conversation.

Two-factor authentication on WhatsApp:

  • Open Settings
  • Account > Two-step verification > Enable
  • Enter a six-digit PIN of your choice and confirm it
  • Provide an email address you can access, or tap Skip if you don’t want to add an email address. It is highly recommended to add an email address, as this allows you to reset two-step authentication and helps safeguard your account
  • Tap Next
  • Confirm the email address and tap Save or Done

If you don’t add an email address and you forget your PIN, you’ll have to wait 7 days before you can reset it. WhatsApp will prompt you to periodically enter your PIN to help you remember it. At the time of writing there isn’t an option to disable this without disabling the two-step authentication feature.

TikTok security basics

I do want to make a statement here that there have been concerns about what data is being collected by TikTok and who has access to those servers. There is still a lack of disclosure and rather “opaque” transparency (is that possible? Bit of an oxymoron really, isn’t it?). So do be mindful of what is shared on TikTok. The default account privacy setting is Public for users over 16 years old.

Interestingly, despite having introduced two-factor authentication, they didn’t make it easy to find information on how to set it up.

Two-factor authentication on TikTok:

  • Tap on the “hamburger” menu (three horizontal menu lines) at the top right of your account
  • Choose Settings and privacy
  • Choose Security and login
  • Two-step verification: you must have at least two methods, generally a phone number and email will be suggested; tap to get a red tick
  • Click Turn On at the bottom of the form
  • I recommend you explore the settings and check things such as security alerts and devices which are connected, as well as any third party apps you may have connected to your account.
  • I highly recommend adding a password to your account—and, as with all passwords, make a note to change them at least quarterly.

Additional TikTok security resources:
Safety Center | TikTok

Twitter security basics

Two-factor authentication on Twitter

Twitter app:

  • Tap on your profile icon
  • Scroll to Settings and Support
  • Tap on Settings and privacy
  • Tap on Security and account access
  • Tap on Security
  • Tap on Two-factor authentication and turn on (generally used via text message)

Twitter desktop

  • From the home screen choose More
  • Click on Settings and privacy
  • Click on Security and account access
  • Click on Security
  • Click on Two-factor authentication and choose from text message, authentication app, or security key (if you have this device)

Website security

I highly recommend adding two-factor authentication to your website.

WordPress has plugins for this, as does Wix.

Tips for creating passwords

  • Strong: has a combination of letters, numbers, and special characters such as $#!
  • Unique (don’t repeat the same one across accounts)
  • Make them longer: 10-12 character combinations of letters, numbers, and special characters (not emojis or accented letters)
  • Avoid words that people might easily associate with you such as the names of your partner/spouse, children, or pets
  • Use part of a lyric, poem or favorite quote or movie (e.g. Lif3ofBr!an2)
  • Note in your diary to change your passwords several times a year (at least quarterly)
  • Don’t write them on sticky notes and stick them to the wall (many do!)
  • If you need to write them down, do so in a book which you can lock away—don’t keep it at your desk
  • To make it easier, use a password manager such as Roboform, 1Password, or LastPass

A password manager lets you create one password to access the manager, but will create unique passwords for accounts. Most will let you run an audit to see if you are using the same password anywhere else so you can go and change it. You may get warnings about compromised emails; I do suggest you change passwords whenever you get such a warning.
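The audit described above can be sketched in a few lines. This is an added example, not part of the original article: it applies the password tips from the list and flags reuse across accounts. The account names, passwords and personal word list are constructed sample data, and `check_password` and `audit_passwords` are hypothetical helper names.

```python
import hashlib
import string
from collections import defaultdict

MIN_LENGTH = 10  # the checklist suggests 10-12 characters

def check_password(password, personal_words=()):
    """Return the checklist tips this password fails (empty list = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not any(c.isalpha() for c in password):
        problems.append("no letters")
    if not any(c.isdigit() for c in password):
        problems.append("no numbers")
    if not any(c in string.punctuation for c in password):
        problems.append("no special characters")
    lowered = password.lower()
    if any(w.lower() in lowered for w in personal_words if w):
        problems.append("contains a personal word")
    return problems

def audit_passwords(accounts, personal_words=()):
    """accounts maps account name -> password; returns a per-account report."""
    # Group accounts by digest so the report never echoes a password.
    digests = {name: hashlib.sha256(pw.encode("utf-8")).hexdigest()
               for name, pw in accounts.items()}
    by_digest = defaultdict(list)
    for name, digest in digests.items():
        by_digest[digest].append(name)
    report = {}
    for name, password in accounts.items():
        problems = check_password(password, personal_words)
        shared = sorted(a for a in by_digest[digests[name]] if a != name)
        if shared:
            problems.append("reused on: " + ", ".join(shared))
        report[name] = problems
    return report

# Constructed sample data, not real credentials.
SAMPLE_ACCOUNTS = {
    "facebook": "Rover2015",
    "instagram": "Rover2015",
    "tiktok": "Wh3n-the-M00n-hits!",
    "twitter": "sunshine",
}

if __name__ == "__main__":
    for account, issues in audit_passwords(SAMPLE_ACCOUNTS, ["Rover"]).items():
        print(account, "->", issues or "OK")
```

Run it only on a local copy of your own password list, and delete that copy afterwards.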

You can check if your emails have been breached (exposed to the public) by using the site

I must say that it can be eye-opening to see how many places have had breaches and may not have informed you. However, DON’T PANIC! A breach isn’t necessarily a hack.

You may also find a number of places your email appears that you never signed up to. (They do promote their link to 1Password, but you don’t need to follow that, just have a look at what comes up for your email address). Businesses including Canva, Tumblr, Animoto and many others have had records breached at some time or another. Many have introduced two-factor authentication in response.
If you want to know about the legitimacy of HIBP, check out this article from Malwarebytes:

Tip: With any app, always download from the original store (Google Play, Apple App Store) and make sure you are downloading the official app rather than a copycat.

I hope you find this checklist useful.

Have you got a favorite tip for creating passwords? Let me know.

Fiona Lucas @fiona1
Hi, I am Fiona (Fi). I’m an author, social media strategist and online community strategist and consultant. I help you make sense of social and humanise your brand.
TikTok: @filucas_irespectonline

Tell Us Below:

Do you use two-factor authorization everywhere?


Absolutely I do, and a password manager. I hope this list is useful for clients too.


Someone asked what authenticator app I use. I use the Google Authenticator for the most part whenever that option is available. There is a Microsoft one available as well. My only experience that was negative was when I first started using the app many years ago: I didn’t take notice of what to do when changing devices and had a bit of an issue getting it set up again. It’s not so hard now, but don’t delete it from your old phone until you set it up.


Another tip is that some password managers such as Roboform include their own authentication… this can be great because you don’t need to open a second app, and if you lose your device it isn’t an issue to set up again.
