An open community 
of Macintosh users,
for Macintosh users.

FineTunedMac Dashboard widget now available! Download Here

Topic Options
#25375 - 03/13/13 10:28 AM Is changing your password enough on Social Media?
kevs Offline


Registered: 12/07/09
New variant, from last thread:
I'm going to have people handing social media for me:
facebook, linkedin etc.
If I change my password, am I safe?
Is this the employee who last had the email and user name out of my life?
Or can't they just later request a new password as I did?

Top
#25376 - 03/13/13 01:01 PM Re: Is changing your password enough on Social Media? [Re: kevs]
tacit Offline


Registered: 08/03/09
Loc: Portland, Oregon, USA
A person who has your password can potentially hijack your account with little you can do about it. You can change the password, but when they had it, it would be possible for them to change the email on the account to an address they control, so they could just change it back.

Now, if you change your password AND you verify the email address on the account is an email address you control, then you're pretty safe, providing they haven't added another way to change the password. (Some social media sites allow you to set a new password by sending a text message to a phone number on the account or by adding security questions to the account.)

So in short: Changing the password is not enough. You need to examine the account very closely, to make sure that the email addresses associated with the account belong to you, and if the account allows password reset by SMS or security questions you need to make sure that those belong to you as well.
_________________________
Photo gallery, all about me, and more: www.xeromag.com/franklin.html

Top
#25378 - 03/13/13 02:08 PM Re: Is changing your password enough on Social Media? [Re: tacit]
kevs Offline


Registered: 12/07/09
TACIT,
thanks, let me clearify.
I own the email account.
So I forgot about that!

Listen, the intern or person I hire, is not generally going to sabotage me (if at all ever), until probably day, or a week or two after they leave. But the minute they leave or are replaced, then I'll change the password, and I should then be ok, because after that point, only I have the mail account to receive the new password? ... (correct?)

Top
#25379 - 03/13/13 02:26 PM Re: Is changing your password enough on Social Media? [Re: kevs]
artie505 Online


Registered: 08/04/09
> Listen, the intern or person I hire, is not generally going to sabotage me (if at all ever), until probably day, or a week or two after they leave.

That's merely an assumption from which you've got nothing to gain and much to lose!
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Top
#25384 - 03/14/13 01:05 PM Re: Is changing your password enough on Social Media? [Re: kevs]
Ira L Online


Registered: 08/13/09
Loc: California
Not every password change results in a new password being e-mailed to you. Sometimes you get a confirmation that it was changed, sometimes you change it at the site in question and that's the end of it.

To add to the paranoia (?), your intern could change your password, and if the site is one that does not e-mail a new password to you, then s/he owns your account!
_________________________
On a Mac since 1984.
Currently: 27" iMacs, Macbook Air, macOS 10.14.x,; iPhones, iPods and iPads galore!

Top
#25385 - 03/14/13 01:24 PM Re: Is changing your password enough on Social Media? [Re: Ira L]
kevs Offline


Registered: 12/07/09
Ira, wow, I think that's pretty rare, especially for major social media sites.

Top
#25386 - 03/14/13 01:46 PM Re: Is changing your password enough on Social Media? [Re: kevs]
joemikeb Online
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
I don't know about Linkedin, but Facebook and Google+ allow you to set up a "page" or "group" such that you are the owner but other persons (accounts) can be defined as having privileges you specify. That way your intern/employee could maintain the page and when they leave you can simply turn off their access. They never need to know or use your password and you can turn off their access like a light switch. Even better, it allows you to have a public or business presence that is separate from your personal presence.

The trick/difficulty with Facebook is keeping track of their almost constantly evolving/changing privacy rules and settings. But if you have any regard whatsoever for your own privacy and security you should be staying on top of that anyway.
_________________________
joemikeb • moderator

Top
#25387 - 03/14/13 01:50 PM Re: Is changing your password enough on Social Media? [Re: joemikeb]
kevs Offline


Registered: 12/07/09
thanks Joe, never heard of that, but will mention it to the SM people I hire. I'm not sure how one turns off their access, but I'll look into that!

Top
#25388 - 03/14/13 02:00 PM Re: Is changing your password enough on Social Media? [Re: kevs]
artie505 Online


Registered: 08/04/09
I don't know from social media sites, but I recently changed my password at Chase Bank and did NOT get a confirmatory e-mail.
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Top

Moderator:  alternaut, dianne, MacManiac