Protect Your Social Passwords with Two-Step Verification

It’s not all fun and games when it comes to your favorite social media sites. Many of the top sites such as Facebook and Twitter are used for entertainment and leisure, but they also store vital information identity thieves would love to get their hands on and disrupt your online life.

For instance, personal login information alone gives an identity thief or spammer unlimited control to post and connect on your behalf as well as unfettered access to data you assume are private details. In many cases it will also give them access to other online accounts as most consumers tend to use the same username and password combination with several websites. To help minimize the potential of a being a victim, use a strong password that is at least 10 characters in length with a mix of upper and lower case letters, numbers and symbols is an effective way to keep hackers at bay. However, this does not guarantee a secure account.

How can you enhance security on social media?

When possible, use two-step verification on all social media sites that offer it. Two-step verification is an extra layer of security that’s easy to use and essential for all of your sensitive accounts. I recently wrote about using two-step verification for securing access to everyday sites used for business, shopping and other daily activities. However, not many people consider that protecting your social media profile can be just as crucial as locking down a banking or medical accounts.

Let’s walk through some steps you can take on the leading social media sites to protect your identity.


Depending on how much you choose to share, your Facebook profile alone can include your full name, email, phone number, school names, family members, upcoming events, pets, friends, past employment history, favorite films, books and so much more. Facebook is virtual goldmine for identity thieves looking for background information or possible passwords to your other accounts.

Facebook uses Login Approval as a version of two-step verification. Essentially, when logging in from an unknown browser, you’ll be required to enter a passcode that will be sent to your phone before gaining access to your account. To enable Login Approval:

  • Go to Settings > Security > Login Approvals
  • Enter your mobile phone number

Once enabled, Facebook texts you a security code every time someone tries to access your account from an unknown browser.


Twitter is the most recent social media platform to offer two-step verification, and introduced the new feature after a number of high profile accounts were hacked in May. Before you can set up two-step verification on Twitter, you must add a phone number and verified email address to your Twitter profile. You will need to have these on file in order for Twitter to send you authentication codes so that you can access the app through your mobile devices.

Once you have your profile information in place, log onto your Twitter account, and follow these steps to initiate two-step verification:

  • Click the gear icon at the top right corner of the page and select Settings from the dropdown menu.
  • Select Account Security and check a box that reads, “Require a verification code when I sign in.”
  • Save your settings.

After setup is complete, you will be sent a text message (including a six-digit authentication code) the next time you log in. You will be required to use the code to create a temporary password that will allow you to access Twitter on other devices in the future.


LinkedIn also has a two-step verification process that requires you to enter a numeric code when logging in from an unrecognized site or device. Once you log in, the code will be sent to your phone as a text message and you’ll enter that to an authentication box for access. This can be set up by:

  • Selecting the Account & Settings tab from the dropdown menu on your profile icon in the top-right corner of the screen.
  • Click on Privacy & Settings and then click the Account tab.
  • Select Manage security settings.
  • Under Security Settings, select to turn on Two-Step Verification. (Some LinkedIn applications will not be available once this option is turned on.)
  • You will be prompted to enter a phone number where you would like to receive a text message with an authentication code.
  • Enter the security code sent to your phone into the empty box on the screen and press the Verify button.


Google+ accounts have access to a mass of data, including your search options, history, online docs, email, and social feeds, all tied to your Google account, which poses a huge security issue if hacked. Again, access your Settings menu for added security across your Google account with two-step verification.

  • From your Google+ profile page: Click the house dropdown menu on the far left of the screen. Select Settings > Accounts > Change account settings and click on the link that says “Google Account settings.” In the left-hand column, click Security and select the second option: “Enabling two-step verification.”

Furthermore, your Google profile often shares information with third-party sites across the web, revealing a number of personal details including: your name, address, country of residence, contacts, calendar, even your online photos through Picassa. Making items non-sharable from the Security page provides additional protection. Revoke Access to each website to disconnect individual permissions. Facebook does this as well by asking for permissions before sharing with third-party apps. You can revoke access to these at anytime in the Privacy Settings menu located under the gear icon at the top right of the page. Select Apps and then simply click on which apps you’d like to discontinue having access to your Facebook information.

Finally, across all of your social media accounts be on the lookout for untrustworthy links or phishing schemes. Identity thieves and hackers will try to trick you into giving up your account logins through phony messages or emails that appear to be from your trusted social media services.

via Sprout Social

In short, keep yourself safe in the social media world by sticking to the following tips from McAfee:

  • Double check the URL of any pages you enter your login information, especially when using third-party apps or websites.
  • Protect third-party apps with additional secure logins.
  • Be cautious of social media messages that include suspicious links. Before you click, verify if the message is indeed from the social media site it claims.
  • Keep your browser and operating system up to date with any updates and security patches.
  • Use comprehensive security software that uses a password manager to simplify and automate your logins, such as McAfee LiveSafe™ service, which— protects all your devices, your identity and your data.


Introducing McAfee+

Identity theft protection and privacy for your digital life

FacebookLinkedInTwitterEmailCopy Link

Stay Updated

Follow us to stay updated on all things McAfee and on top of the latest consumer and mobile security threats.


More from Internet Security

Back to top