For the last week, we’ve been trying to procure the password for a client’s YouTube account. There’s nothing more aggravating and wasteful of everyone’s time than to do this. The problem was that an employee that solely managed the account abruptly left the company – and not on the best of terms. We did our best as a mediator to try to retrieve the password, but they said they didn’t know what it was anymore.
Of course, Google isn’t too helpful asking verification questions like the month and year you opened the account, the secret question (of the employee that’s no longer there) and then offering to do a text message reset… to the company’s land line that can’t receive them.
At least we know the account is safe and not being accessed. A worst-case scenario would be a hacked account where there’s no means to get it back under the brand’s control. Trust is the critical component of any transaction online, so seeing a brand get hacked can have a dramatic impact. It’s not enough to just excuse it anymore – you need to work to prevent it. Here are 3 ways we recommend avoiding getting your marketing accounts hacked:
- Use Mobile Verification – Mobile verification or 2-step verification is present on virtually every major social site (Twitter, Facebook, Google, LinkedIn). Basically, when you login from a new device (or sometimes any device), you’re sent another code to validate via text message or email. In other words, for someone to change or hack your password on a social account, they would also need access to the mobile phone used for the validation. I use it everywhere I can. If you’ve got several people authenticating to the same account, now you have a central person that’s notified as well.
- Use Third Party Enterprise Apps – Avoid distributing your password to employees or agencies altogether by utilizing a third party application to publish to the account. We like Hootsuite. This way we can add and remove users easily from an account, or get access to a client account, without having to know their password or provide ours. If they somehow hack your third-party account, at least they can’t hi-jack your primary social account! You can also typically track down the intrusion easier to the person who published it and remove their account easily. YouTube actually has the ability for managers, as does Facebook for Business. If an employee or agency leaves… just drop them from the access list.
- Use a Password Manager – Utilization of a tool to manage passwords isn’t just about making it easier to login, it’s about using very strong passwords, different passwords for every service and changing each of them often. We love Dashlane and recommend it highly – they have a browser plugin, mobile application, and great features. They’ll even grade your password selection (or select one for you). We especially love the capability of sharing passwords for websites with limited access. The user can login using Dashlane’s platform but is unable to actually see the password.
Losing access to your social media accounts is embarrassing and an unnecessary headache regardless of whether you’re hacked or an employee quits, or is laid off or fired. The time, effort, and frustration to try to get your account back under control are not worth risking distributing simple passwords for internally and externally. Avoid making it easy by using password managers, two-factor authentication, and enterprise capabilities.