The ultimate 2FA security guide for social media


The ultimate 2FA security guide for social media is fast becoming a business-critical resource

Increasingly – and somewhat alarmingly – we are getting more and more phone calls from people whose social media accounts have been hacked. Whilst I am no cyber security expert, there are some basic things that you can put in place on each platform to save yourself much angst in the future. Creating the ultimate guide for 2FA security of all your accounts has been on my to-do list for a while, so I thought I would save you the time and compile them all here in one place so you can get on with securing your digital footprints.

2-Step Verification puts an extra barrier between your business and cybercriminals who try to steal usernames and passwords to access business data. Turning on 2-Step Verification is the single most important action you can take to protect your business.

So we are going to run you through how to enable 2FA on all the obvious channels:

  1. Email
  2. Facebook
  3. Instagram
  4. Twitter
  5. LinkedIn
  6. Snapchat
  7. TikTok

First things first – secure your email

Outlook and Microsoft 2FA guide

While you have two-step verification turned on, every time you sign in to an untrusted device, you’ll get a security code via email or on your phone, making sure you’re you. If you’ve turned off two-step verification, you’ll still be sent security codes periodically, as well as any time there’s a risk to your account security. If you don’t want to use email, a phone call, or text, you can use the Microsoft Authenticator app to help strengthen your account security and to sign in without passwords. To turn two-step verification on or off:

Go to Security settings and sign in with your Microsoft account.

Under the Two-step verification section, choose Set up two-step verification to turn it on, or choose Turn off two-step verification to turn it off.

Follow the instructions.

Note: Before you turn on two-step verification, make sure you’ve associated at least three unique security contact email addresses or phone numbers with your account for backup purposes. If you lose your security info and you don’t have a backup contact method available, you can permanently lose your account.

Google Suite 2FA guide

Step 1: Notify users of 2-Step Verification deployment (required)
Before deploying 2-Step Verification, communicate your company’s plans to your users, including:

  • What 2-Step Verification is and why your company is using it
  • Whether 2-Step Verification is optional or required
  • If required, the date by which users must turn on 2-Step Verification
  • Which 2-Step Verification method is required or recommended
For details, go to Best practices for 2-Step Verification.

Step 2: Set up basic 2-Step Verification (required)
Next, let your users turn on 2-Step Verification. By default, users can turn on 2-Step Verification and use any verification method. (G Suite accounts created before December 2016 have 2-Step Verification turned off by default).

Allow users to turn on 2-Step Verification

Go to Security > 2-Step Verification.
On the left, select an organizational unit or exception group.
Let users turn on 2-Step Verification and use any verification method, but don’t require 2-Step Verification yet.
Check Allow users to turn on 2-Step Verification.
Select Enforcement > Off.
Click Save.

Tell your users to enroll in 2-Step Verification

Provide instructions for enrolling in 2-Step Verification methods; we recommend the Google Authenticator app.

Step 3: Enforce 2-Step Verification (optional, but we recommend it)
As an administrator, enforcing 2-Step Verification for your users is an optional step.

Make sure users are enrolled in 2-Step Verification before turning on enforcement. Users who aren’t enrolled can’t sign in to their accounts.

By now you have ensured your teams have secured the relevant email accounts, making it harder to hack them.

Now let’s get on with securing everything else.

Meta 2FA guide – including Facebook and Instagram

Step One – Start with your Business Manager account

Before you begin:
Only Business Manager admins can turn on two-factor authentication.

Turn on the two-factor authentication requirement
Start by going to Business Settings.

Click on Business Info.
Scroll down to Business Options.
Click the dropdown menu next to Two-Factor Authentication.
Select “Admins only” or “Everyone” to choose who this requirement applies to; we highly recommend EVERYONE.
To turn off two-factor authentication, choose No one.

After you turn on two-factor authentication, Meta needs to remember your computer and browser info so it can recognize them next time you log in. Some browser features block this. If you’ve turned on private browsing or set up your browser to clear your history every time it closes, you might have to enter a code every time you log in. If you use a third-party app to manage the Pages or ad accounts linked to your business, it will ask you to enter a login code the next time you sign in from the app.

If you’ve turned on two-factor authentication and you are prompted to enter a code for security purposes, you can generate one from your phone.

Step Two – Enable 2FA for your personal Facebook Account

To turn on or manage two-factor authentication:
Go to your Security and Login Settings.
Scroll down to Use two-factor authentication and click Edit.
Choose the security method you want to add and follow the on-screen instructions.
When you set up two-factor authentication on Facebook, you’ll be asked to choose one of three security methods:
  • Tapping your security key on a compatible device.
  • Login codes from a third party authentication app (recommended).
  • Text message (SMS) codes from your mobile phone.

Step Three – Enable 2FA for your Instagram accounts (Personal and Business)

To turn on two-factor authentication from the Instagram app:
  • Tap profile or your profile picture in the bottom right to go to your profile.
  • Tap more options in the top right, then tap Settings.
  • Tap Security, then tap Two-factor authentication.
  • Tap Get Started at the bottom.
  • Choose the security method that you want to add and follow the on-screen instructions.
When you set up two-factor authentication on Instagram, you’ll be asked to choose one of two security methods:
You’ll need to have at least one of these set up in order to use two-factor authentication.
Note: After you’ve turned on two-factor authentication, you’ll be able to see login requests, remove trusted devices and access backup codes for your account if you have issues with receiving a recovery code.

LinkedIn 2FA guide

Turning on or off two-step verification on Desktop
Click the Me icon at the top of your LinkedIn homepage.
Select Settings & Privacy from the dropdown.
Under the Login and security section of the Account tab, click Change next to Two-step verification.
Click Turn on or Turn off to change the status of two-step verification.
Note: You may be asked to enter your password for security reasons.
Choose the preferred verification method from the dropdown and click Continue.

Turning on or off two-step verification on mobile
To turn on or off two-step verification:

Tap your profile picture > Settings > Account > Two-step verification.
Tap the toggle to turn two-step verification on or off.
Choose the preferred verification method from the dropdown and click Continue.
Note: You may be asked to enter your password for security reasons.
To set up your preferred verification method, continue to Authenticator App Verification or Phone Number (SMS) Verification.

Authenticator App Verification
If you’ve chosen to use app-based verification, follow the steps below:

Install an authenticator app such as Microsoft Authenticator.
Open the app and tap Add Account.
Select Other account on Microsoft Authenticator.
Set up your device by choosing to:
Scan QR Code: Use the Scanning Tool found within the Authenticator App.
Enter the Verification Code: Enter the secret key into the Authenticator App.
Enter the 6-digit verification code generated by your authenticator app to verify your device.

Phone Number (SMS) Verification
If you choose SMS verification, you’ll have to use a mobile phone number associated with your LinkedIn account before you can complete the two-step verification. Add and remove phone numbers on your LinkedIn account at any time.

Select Phone Number (SMS) as a preferred verification method for two-step verification and click Continue in order to receive a 6-digit code sent to your phone.
Once you receive the code sent to your phone, enter it into the box on the device you’re using to sign in.
Click Verify.

Twitter 2FA guide

For Desktop:
Step 1
In the side menu, click More, then click Settings and privacy.

Step 2
Click on Security and account access, and then click Security.

Step 3
Click Two-factor authentication.

Step 4
There are three methods to choose from: Text message, Authentication app, or Security key.

Step 5
Once enrolled, when you log in to your account, you’ll be prompted to provide the two-factor authentication method you used during your previous login, along with your password. You’ll also see the option to Choose a different two-factor authentication method. If you’d like to proceed, simply click the prompt to select a different method. Follow the onscreen instructions to finish logging in.

To sign up via authentication app:
Step 1
Click the checkbox next to Authentication app.

Step 2
Read the overview instructions, then click Start.

Step 3
If prompted, enter your password and click Verify.

Step 4
If you haven’t already, we’ll ask you to confirm an email for your Twitter account: Enter your email address, then click Next. We’ll then send you a confirmation code via email. Back in your Twitter account, enter the code in the prompt, then click Verify.

Step 5
You’ll be prompted to link your authentication app to your Twitter account by scanning a QR code. (If you don’t already have an app installed on your device, you’ll need to download one. You can use any time-based one-time password (TOTP) authentication app like Google Authenticator, Authy, Duo Mobile, 1Password, etc.)

Step 6
After you scan the QR code, click Next.

Step 7
Enter the code generated by your authentication app, then click Verify.

Step 8
You’ll see a confirmation screen. Click Got it to finish setup.

To sign up via text message:
Step 1
Click the checkbox next to Text message.

Step 2
Read the overview instructions, then click Next.

Step 3
Enter your password, then click Verify.

Step 4
If you haven’t already, we’ll ask you to confirm an email for your Twitter account: Enter your email address, then click Next. We’ll then send you a confirmation code via email. Back in your Twitter account, enter the code in the prompt, then click Verify.

Note: If you don’t already have a phone number associated with your account, we’ll prompt you to enter it. Additionally you can choose to deselect the option to allow your existing contacts to find you on Twitter.

Step 5
Now we’ll ask you to enter the confirmation code we sent you via text message. Type in the code. You’ll see a confirmation screen with a backup code. We recommend you store a screenshot of the code in case you need it for future use. This will help you access your account if you lose your mobile phone or change your phone number.

Step 6
Click Got it when you’re finished with this screen.

Snapchat 2FA guide

To start using two-factor authentication, you have to do a quick set-up in the Snapchat app.

To set up two-factor authentication:

  1. Tap ⚙️ in My Profile to open Settings
  2. Tap “Two-Factor Authentication”
  3. Tap “Continue” to finish setting it up!

Choose text message or an authenticator app

There are 2 different ways to get your Login Code – from a text message or from a separate app on your phone, called an authenticator app.

Authenticator apps

You can get your Login Codes by using a trusted app like Google Authenticator or Duo. These apps generate single-use codes that only work for a short amount of time.

Authenticator apps are a good choice if you can’t always receive a text message – like if you use Snapchat on a tablet or you travel abroad ✈️

If you lose your device or delete the authenticator app, then you won’t be able to get your Login Codes!

Download an authenticator app.

Text verification

Snapchat can send you Login Codes in text messages to the mobile number that’s linked to your Snapchat account. (Standard messaging and data rates may apply.)

Getting your Login Codes from text messages is convenient, but if you don’t have good mobile service, then you might have trouble!

Why a recovery code is important

A recovery code is a back-up way to log in, in case you can’t get your Login Code from a text message or your authenticator app.

If you enable two-factor authentication, we strongly recommend that you make a recovery code and keep it in a safe place.

TikTok 2FA Guide

Here’s how to enable two-step verification for your TikTok account:

Open the TikTok app on your mobile phone.
You’ll need to be logged in to set up two-step verification, so log in to your account if you haven’t already.
Tap Profile.
Now tap the hamburger menu button in the top-right corner of your screen.
Tap Security and login.

Tap 2-step verification. It is set to Off by default.
There are three ways to set up two-step verification in TikTok: via SMS, email, or password.

You’ll need to select at least two of these verification methods.

Once set up, if you or anyone logs in from an unrecognized device or third-party app, TikTok will choose the most secure method to verify your identity, based on your current method of logging in.
For this demonstration, select SMS and Email.

This means that TikTok will send a verification code to you via SMS (4-digit code) and email (6-digit code) each time there is a login attempt from an unrecognized device or third-party app.
Now, tap Turn on.
Enter your TikTok password in the space provided and tap Next.
Enter your email address and tap Send code.

TikTok will send you a code to confirm your email address, so make sure to use an account that you can access.

You will receive an email with a 6-digit code. Enter the code in the space provided.

This will automatically enable two-step verification. You will then receive a New account email push notification, informing you that a new email has been added to your account.

If you do not receive the code, check your spam folder. If you still can’t find it, tap Resend code. Each code is only good for 60 seconds, after which you’ll need to tap Resend code.

 

If you would like some assistance with setting up 2FA across all your channels, get in touch with us! We like to start with coffee.


Simone Douglas


Simone is co-founder and Senior Principal Solutions Architect of Social Media AOK. Simone offers over 17 years in corporate management roles encompassing generalist HR recruitment and development of small to large teams across multiple sites, industry sectors and states. Experienced in a variety of social media platforms and their complementary applications, social media strategy, risk management, disaster recovery and associated HR policies and processes.