I’ll start with a confession. I lost one of my client’s social media accounts. Big oops.
Typical Steps for Verifying a Login
Social media companies know your account password (obviously) and where you usually log in from. If you enter the wrong password or log in from a foreign country, the company has procedures to verify that it’s really you and not a baddie hacker.
Although they differ by site, they may include:
- Sending a password reset to the email address on file
- Sending a text message with a security code to the phone number on file
- Asking some security questions before initiating a password reset
If you are able to answer the questions or present verifying evidence, access to your account is returned to you. Failing to do so usually means your account will be shut down.
How in the World did You Lose an Account, Stacey?
Good question. It was a combination of lack of documentation in the company, inexperience on my part and just plain bad luck and poor timing.
I was attempting to access my client’s social media account for the first time while overseas (which is an immediate trigger for a social media company’s security, as many hacking attempts come from international servers). Maybe the password I was given was wrong? Or I mistyped it? Fail #1.
Since I couldn’t get in, I began the backup verification procedures. Except the number on file was the company’s headquarters in a different timezone. And the code expired in 30 minutes. Fail #2.
I realized the timezone issue and called the office when it was business hours. Except the main phone line was a landline and couldn’t receive text messages. Fail #3. And of course, you can’t change the phone number if you can’t access the account.
The next day, I contacted the previous social media manager, and that person attempted to get in. So now, here we were, on two continents trying to get in at the same time. And failing. A lot.
Due to the high level of suspicious activity, I was locked out of the account and my claim was escalated to a person. I didn’t think it was an issue because obviously, I had a legitimate explanation.
Here’s the kicker. My appeal for access to the account was denied. Because the name of the account was for a product which differed from the Company Name (think of an account called ‘ShareACoke’ which is owned by Coca-Cola), I was told that none of our official paperwork proved we owned the account. The product listings on the webpage weren’t good enough. I was locked out for good. No more appeals.
Not an Isolated Phenomenon
I was incredibly fortunate that the account wasn’t used frequently and no long-term harm was done. But the issue could have been incredibly serious.
And the current advice to ‘use a different password for each account’ and ‘change your password every 60 days’ only makes losing track of a password more likely.
I’ve heard of account lock-outs and freezes happening across all platforms. The Ravelry Help account was recently suspended from Twitter due to ‘multiple account violations’, which were never specified. Fortunately, the account was restored after much back and forth. But there’s no guarantee it will be or that you’ll get to talk to a real human.
PayPal can freeze accounts for any reason, often citing ‘suspicious activity’. This ‘abnormal account activity’ may be something like receiving too many payments at a time, something anyone who runs a subscription club (that receives hundreds of payments on one day) would consider perfectly normal. And how do you continue to run your business with thousands of dollars locked up or gone forever?
I don’t have a foolproof system to ensure account freezing doesn’t happen (and the issue of cyber and server security is another article entirely), but there are some simple things you can do to minimize your chances.
Tips for Securing Your Accounts
1. Consider a username you can prove. Your full name? Your company name? A name that you have a DBA for? Those are great ideas for usernames, as you will have paperwork to support that you own them. An account like ‘BestCraftInspiration’ is going to be harder to show is yours.
2. Keep records of all of your passwords and personal information. Particularly if you work with multiple people on an account, it should be clear to everyone which phone number and email are the ones officially listed on the account. And obviously, many problems can be avoided by correctly entering your password in the first place.
3. List emails and phone numbers you have access to. I understand the temptation to enter a rarely-used phone number because you’re worried about spammers, but I hope the discussion above has convinced you that you need to list information that is up-to-date and easily accessed.
4. If you are denied access, take a step back. Security alerts are heightened by multiple failed attempts. If you initially fail to access your account, pause. See if you have the password written down. It’s an anxious time, and it’s tempting to keep trying passwords to hurry up and get in, but this can create a more serious issue.
5. Try using a familiar device. If you are being flagged for logging in on a new device (and you’re having password trouble), attempt to log in on your ‘home’ device where the IP address is recognized or you may have auto-saved the password.
6. Diversify to ensure an issue won’t ruin your business. Know that Twitter, Facebook, Etsy, Instagram and PayPal are all services that can terminate your account at any time. Therefore, it’s wise to design your business so that you’re not overly reliant on any one site for functioning. Be mindful of how much fluid cash you keep in your PayPal account; you want to be able to operate without it.