We’ve all felt that moment of panic… logging into a brand account only to realise the password’s been changed, or worse, the account’s been compromised. When you’re juggling multiple client pages, ad accounts, and team members, it’s easy for things to slip through the cracks. But as a social media manager, social media account security is a key part of your role.
Here’s how to keep your accounts secure, your teams aligned, and the panic at bay.
1. Two-Factor Authentication Is Non-Negotiable
Let’s start with the basics: if you’re not using two-factor authentication (2FA), stop reading this and go switch it on. 2FA adds an extra layer of protection by requiring a code sent to your mobile device or app (like Google Authenticator or Duo) in addition to your password. It’s a simple step, but it significantly reduces the risk of unauthorised access, especially if a password gets leaked or reused.
Pro tip: Make sure all users across your business or client team also enable 2FA. One weak link can still cause major problems.
2. Use a Password Manager Like LastPass or 1Password
Remembering dozens of complex passwords can be a challenge. That’s why tools like LastPass, 1Password, or Dashlane are available. These secure, encrypted platforms store and autofill your logins so you don’t have to rely on notebooks or old spreadsheets.
You can also:
- Generate strong, randomised passwords with a click
- Share access with team members without revealing the actual password
- Set up different “vaults” for client accounts, personal accounts, and internal systems
Just make sure your master password is solid (and yes, turn on 2FA for your password manager too).
3. Tidy Up Your Meta Business Portfolio
Meta Business Portfolio can be tricky to administer (and is always changing!). Here’s what a good set-up looks like:
- Regularly audit users and roles: Check who has access and what level of control they have. You’d be surprised how many ex-employees or freelancers still show up as admins months after they’ve left. To find out about the different roles available, visit this page
- Use business roles wisely: Assign roles based on what people actually need. Not everyone should be an admin!
- Use partner access: If you’re managing accounts on behalf of a client, don’t ask them for their personal Facebook login. Instead, get added as a partner business with the appropriate permissions.
Top tip: Set a reminder to review your Business Portfolio users every month.
4. Revoke Access When Someone Leaves
Whether it’s a contractor finishing a project or a team member moving on, one of the most common security gaps is forgetting to revoke access when someone exits the business or changes role.
Use a simple offboarding checklist that includes:
- Removing them from Page Access (Facebook), Business Portfolio (Meta), Campaign Manager (LinkedIn), Company Page admin (LinkedIn), and any other third-party social media management tools
- Revoking access from your password manager
- Updating shared logins if applicable
- Reassigning ownership of any content or scheduled posts
- Notifying any affected clients or teams
5. Set Up Platform-Specific Alerts and Notifications
Many platforms (Meta, Instagram, Twitter/X, LinkedIn) allow you to turn on security alerts.
These notify you of:
- Login attempts from unfamiliar devices or locations
- Changes to passwords or account settings
- Suspicious activity (e.g. sudden unfollows or bulk post deletions)
This gives you a heads-up if anything looks suspicious and allows you to act fast.
6. Update Passwords Regularly
This is a pain, but rotating shared logins every 3–6 months is just good practice. Some IT policies may require you to update passwords more frequently.
Tools like LastPass can automate reminders for this.
If you can’t remember the last time you changed your login to that Instagram account… it is probably time.
7. Document Your Processes (Also Useful in an Emergency!)
Even with password managers and strict access controls, it’s useful to maintain a secure, internal document of access information (just don’t include passwords!).
Make sure you are tracking:
- Which tools are used for which clients?
- Who has admin/editor access to each platform?
- When was access last updated?
It helps with onboarding, offboarding, and accountability.
In case of emergency (crisis), make sure someone else:
- Has access to key platforms and tools
- Can access your password manager if needed
- Knows how to initiate account recovery if 2FA devices are lost
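One way to run the monthly user review, the offboarding check and the rotation reminder against the access document from section 7, as an added Python example that is not part of the original article. The field names, sample rows, the 31-day and 183-day thresholds and the "at least two active people per platform" rule are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import date, timedelta

REVIEW_EVERY = timedelta(days=31)   # assumed threshold for the monthly access review
ROTATE_EVERY = timedelta(days=183)  # assumed: upper end of the 3-6 month rotation window

# Constructed sample register: who has what, and when it was last checked. No passwords.
REGISTER = [
    {"client": "Acme", "platform": "Meta Business Portfolio", "user": "dana@example.com",
     "role": "admin", "reviewed": date(2025, 5, 20), "shared_login_rotated": None},
    {"client": "Acme", "platform": "Meta Business Portfolio", "user": "sam@example.com",
     "role": "admin", "reviewed": date(2025, 5, 20), "shared_login_rotated": None},
    {"client": "Acme", "platform": "Instagram", "user": "dana@example.com",
     "role": "admin", "reviewed": date(2025, 3, 1), "shared_login_rotated": date(2024, 9, 1)},
    {"client": "Birch", "platform": "LinkedIn Company Page", "user": "lee@example.com",
     "role": "editor", "reviewed": date(2025, 5, 28), "shared_login_rotated": None},
    {"client": "Birch", "platform": "LinkedIn Company Page", "user": "dana@example.com",
     "role": "admin", "reviewed": date(2025, 5, 28), "shared_login_rotated": None},
]
DEPARTED = {"sam@example.com"}  # constructed: people who have left or changed role


def audit(register, departed, today):
    """Return sorted (client, platform, user, issue) findings for the register."""
    findings = []
    active = defaultdict(set)  # (client, platform) -> users who still legitimately have access
    for row in register:
        key = (row["client"], row["platform"])
        active[key]  # record the platform even if every listed user has left
        if row["user"] in departed:
            findings.append((*key, row["user"], "revoke: user has left"))
            continue
        active[key].add(row["user"])
        if today - row["reviewed"] > REVIEW_EVERY:
            findings.append((*key, row["user"], "access review overdue"))
        rotated = row["shared_login_rotated"]
        if rotated is not None and today - rotated > ROTATE_EVERY:
            findings.append((*key, row["user"], "rotate shared login"))
    for key, users in active.items():
        if len(users) < 2:  # nobody else could step in during an emergency
            findings.append((*key, "-", f"{len(users)} active user(s): no emergency backup"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(REGISTER, DEPARTED, today=date(2025, 6, 1)):
        print(" | ".join(finding))
```

The register itself would normally be exported from a spreadsheet, and the departed list from HR or your offboarding checklist.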