The Danger of Giving Up Social Media Passwords – So Many Other Services Are Connected Thumbnail
Improving Technical Security 21 February 2017

The Danger of Giving Up Social Media Passwords – So Many Other Services Are Connected

By Dan YorkDirector, Internet Technology

What’s the harm in giving up my Twitter password?“, you might say, “all someone can do is see my direct messages and post a tweet from me, right?

Think again. The reality today is that social media services are used for far more than just posting updates or photos of cats. They also act as “identity providers” allowing us to easily login to other sites and services.

We’ve all seen the “Login with Twitter” or “Continue with Facebook” buttons on various sites. Or for Google or LinkedIn. These offer a tremendous convenience. You can rapidly sign into sites without having to remember yet-another-password.

But…

… if you give your passwords to your social media accounts to someone, they could potentially[1]:

  • Impersonate you on social media accounts and post updates in your name.
  • Sign in to the comment sections of various news media sites and leave comments using your name.
  • Connect in to photo sites and see our photos, and modify or delete the photos, or post new ones in your name.
  • Sign in to e-commerce sites, view your orders and purchase items.
  • Login to video sites and see what videos you have watched, or post new ones to your account.
  • Login to your Medium account, view and change any articles you have written, add new comments as you.
  • Sign in to Goodreads, view all your books, see all the lists of what you want to read, view all your reviews and post reviews in your name.
  • Login to your Spotify account and learn all about what kind of music you like to listen to.

And that’s only a small number of examples.

We live in an era of highly-connected systems. And there are so many systems and services! The convenience of using our social media accounts to login is easy to understand.

But… if you give someone your password to a social media account, or are required to give your social media passwords to someone, you are giving them access to so much more than just that social media service.

What can you do?

1. Don’t give out your social media passwords!

2. Understand where your social media IDs are being used. In both Twitter and Facebook you can go into your “Settings” and choose “Apps” to see where you have granted access. You can revoke access there for sites and services you no longer use.

3. Think about whether you want to continue using your social media IDs in so many places. Does the convenience outweigh the issue of having so many services linked to one identity?

4. Enable 2-Factor Authentication on sites that offer this, which requires a second step beyond just your password to login. These are very easy to use, often using a phone or a small and inexpensive “dongle” that fits on your keyring.[2] Do note that this may not help if you are required by authorities to provide your social media passwords as they may require you provide the device used for two-factor authentication.

5. Use a password manager instead of using your social media ID to login to other sites, which enables you to generate and use very strong passwords and access them all with one master password. There are many excellent free and paid options available for both computers and mobile devices, with a variety of features.

6. Spread the word. Help others understand how critically important our social media passwords are.

P.S. For more ideas, please see

[1] Depending upon how you have configured the service to work.

[2] The FIDO Alliance is a leader in this area, and a list of enabled sites and certified products is available on their site https://fidoalliance.org/adoption/overview/

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Building Trust 21 February 2020

NDSS 2020: The Best in Security Research – For the Good of the Internet

On 23 February, the 27th consecutive Network and Distributed System Security Symposium (NDSS) kicks off in San Diego, CA....

Improving Technical Security 23 October 2019

Securing the Internet: Introducing Oracle Internet Intelligence IXP Filter Check

Oracle is an Organization Member of the Internet Society. We welcome this guest post announcing a new tool that...

Improving Technical Security 4 October 2019

Network Operators in Latin America and the Caribbean Take Steps to Strengthen Routing Security

2019 has been a very good year for the Internet in Latin America and the Caribbean. In May, during...