Secure Social Media Accounts: UK Checklist
Secure social accounts by tightening privacy settings, enabling 2-step verification, and using unique passwords so one breach doesn't cascade into total account takeover.
Social accounts are frequently targeted for takeover and impersonation, amplifying harm through scams sent to your contacts and reputation damage. This guide is for UK users who rely on platforms for messaging, business pages, and community groups. It provides a short hardening checklist plus an incident plan aligned with NCSC recovery guidance.
Immediate hardening checklist
- Use a unique password and enable 2-step verification.
- Review recovery settings (email, phone) and remove weak options.
- Check active sessions and log out unfamiliar devices.
The takeover risk in plain English
Criminals compromise social accounts to impersonate you, send scams to your contacts, access linked accounts (e.g. "login with Facebook"), or damage your reputation. NCSC social media guidance emphasises managing security and privacy settings. Once an account is taken, harm spreads quickly because your friends and followers may trust messages that appear to come from you.
Immediate hardening checklist
- Unique password: Use a strong, unique password via a password manager—not one you use elsewhere.
- 2-step verification (2SV): NCSC 2SV guidance points you to the account's security settings to turn on 2-step verification. Prefer app-based codes over SMS where possible (see SIM swap risks).
- Recovery settings: Ensure recovery email and phone are correct; remove options you no longer use.
- Session review: Check active sessions and log out any you don't recognise.
Privacy settings that also improve security
Tighten who can see your profile, contacts, and posts. The less personal data is publicly visible (and so available for doxxing), the smaller the attack surface for social engineering. Restrict who can send you friend requests or message you.
If your social account is hacked
Follow the platform's recovery flow (usually via "forgot password" or account recovery). Use the NCSC recovering hacked accounts infographic for steps. Once back in, change the password, enable 2SV, revoke app access you don't recognise, and warn contacts to treat recent messages from you as suspicious.
Prevent re-hacking
Keep devices updated, remove suspicious third-party apps linked to the account, and enable stronger sign-in controls. See our credential stuffing guide for why unique passwords matter.
Frequently asked questions
- What's the single best improvement for social account security?
  Turn on 2-step verification and use a unique password.
- How can I tell if my account was hacked?
  Look for unusual logins, security setting changes, or messages you didn't send.
- What should I tell friends/followers after a takeover?
  Warn them to treat recent messages as suspicious and not to click links you sent while compromised.