Tips to keep hackers out of your Facebook and Twitter accounts

With hackers trying to get in to everyone’s business, it is important to secure your social media accounts. Some mistakes could put you at risk but it isn't just a theoretical threat.

Pranksters, vandals, and malicious attackers all look for ways to get into any legitimate account they can.

So while you don't need to hide in a hole, there are some worthwhile and easy steps you can take to keep your accounts from being hijacked. Here are six ways to keep yourself safe.

1. Make the most of your device’s lock screen – Set all of your computing devices to lock quickly when you stop using them so you have protection from physical attacks.

Always try and use a strong passcode or biometric to guard devices.

If the unlock code for your phone is your birthday, you're not making it that difficult for someone to break in.

2. Use a strong, unique password and two-factor authentication – One of the easiest ways someone can get into your account is by acquiring leaked credentials, and trying those email and password combinations across on other services.

That threat goes away if you use different passwords across all of your accounts.

It is also important to require a second code, or "factor," to log into accounts, meaning that even if an attacker gets your password, they'd also need control of a second device—usually your smartphone—to break in.

To add two-factor authentication on Facebook, go to Settings > Security and Login > Two-Factor Authentication. Then enter your password to confirm that you want to make changes, and set two-factor to "On."

To add it on Twitter, go to Settings and Privacy > Account. In the Security subsection, click on Review your login verification methods. After entering your password you'll land on a Login verification screen where you can make the same choices about how and where to receive codes.

3. Remote control – Facebook has a few options to help keep on top of who's accessing your account, and where. Under Settings > Security and Login, you can see all the devices your account is logged in on, and where they are.

See something you don't recognise, or a device you've lost track of? The right-hand icon gives you the option of logging out remotely, or reporting it as an imposter. From there, scroll down to ‘Get alerts about unrecognised logins’, and turn it on.

That way, you'll get a notification via Messenger, email, or Facebook that someone has logged into your account from an unrecognised browser.

4. Limit third-party permissions – Though it would be difficult for an attacker to take over one of your social media accounts through a third-party service that has some access, it's worth checking out what you've approved to ensure that there's nothing fishy in the list, and remove old plugins that you no longer need.

You could have granted them permission to gather more data than you think. That's not a hack, exactly, but it's still invasive.

On Facebook, go to Settings > Apps and Websites to view and manage the outside services that have some access to your Facebook account. On Twitter, go to Settings and Privacy > Apps to see and edit the list.

5. Check device permissions – Also check the permissions services like Facebook and Twitter have on each of your devices.

You might have blocked Facebook from accessing your location on your smartphone, but accidentally allowed it on your tablet.

This data should be safe on accounts that are guarded by a strong password and two-factor authentication, but if you don't want a service gathering it you might as well turn it off.

On Android, go to Settings > Apps, then click the upper-right menu icon, and tap App permissions. On iOS go to Settings > Privacy to manage which services have access to which parts of your phone. And also in Settings scroll down to double check the permissions listed for each service you use.

6. Self-edit – It is always good to consider to limit the amount of personal data you put in social media accounts. Avoid opening accounts you don't need and shut down old ones you no longer use to get your accounts under control.

There is no such thing as perfect security, but at least you will have the peace of mind knowing you did everything you could and made it as hard as possible for hackers to get into your accounts.