Is changing your password enough on Social Media?

New variant, from last thread:
I'm going to have people handing social media for me:
facebook, linkedin etc.
If I change my password, am I safe?
Is this the employee who last had the email and user name out of my life?
Or can't they just later request a new password as I did?

A person who has your password can potentially hijack your account with little you can do about it. You can change the password, but when they had it, it would be possible for them to change the email on the account to an address they control, so they could just change it back.

Now, if you change your password AND you verify the email address on the account is an email address you control, then you're pretty safe, providing they haven't added another way to change the password. (Some social media sites allow you to set a new password by sending a text message to a phone number on the account or by adding security questions to the account.)

So in short: Changing the password is not enough. You need to examine the account very closely, to make sure that the email addresses associated with the account belong to you, and if the account allows password reset by SMS or security questions you need to make sure that those belong to you as well.

TACIT,
thanks, let me clearify.
I own the email account.
So I forgot about that!

Listen, the intern or person I hire, is not generally going to sabotage me (if at all ever), until probably day, or a week or two after they leave. But the minute they leave or are replaced, then I'll change the password, and I should then be ok, because after that point, only I have the mail account to receive the new password? ... (correct?)

> Listen, the intern or person I hire, is not generally going to sabotage me (if at all ever), until probably day, or a week or two after they leave.

That's merely an assumption from which you've got nothing to gain and much to lose!

Not every password change results in a new password being e-mailed to you. Sometimes you get a confirmation that it was changed, sometimes you change it at the site in question and that's the end of it.

To add to the paranoia (?), your intern could change your password, and if the site is one that does not e-mail a new password to you, then s/he owns your account!

Ira, wow, I think that's pretty rare, especially for major social media sites.

I don't know about Linkedin, but Facebook and Google+ allow you to set up a "page" or "group" such that you are the owner but other persons (accounts) can be defined as having privileges you specify. That way your intern/employee could maintain the page and when they leave you can simply turn off their access. They never need to know or use your password and you can turn off their access like a light switch. Even better, it allows you to have a public or business presence that is separate from your personal presence.

The trick/difficulty with Facebook is keeping track of their almost constantly evolving/changing privacy rules and settings. But if you have any regard whatsoever for your own privacy and security you should be staying on top of that anyway.

thanks Joe, never heard of that, but will mention it to the SM people I hire. I'm not sure how one turns off their access, but I'll look into that!

I don't know from social media sites, but I recently changed my password at Chase Bank and did NOT get a confirmatory e-mail.