Due to recent events on an unnamed social network, swathes of users have been switching social networks. This has created some easy targets for hackers and phishers as people set up new accounts. I'm putting together a few tips to help keep you off the victims list.

PASSWORDS: Passwords are the #1 weak point for every account. Your password should NOT be something simple like "Password", "letmein" or "hello". It should contain upper case letters, lower case letters, numbers and (ideally) symbols.

So instead of "password", you could use "P@sSw0r6!". Use a password generator. Password managers often provide this as part of the app, or you can use something like [www.lastpass.com/features/...](https://www.lastpass.com/features/password-generator) if you don't want to use the app version.

PASSWORD MANAGEMENT: Use a password manager to save the password so you don't have to remember so many. Many of them are free and include password generators (definitely use the password generators).

Examples include LastPass, 1Password, BitWarden, and Dashlane, though be wary about LastPass; they recently revealed they were hacked: [www.theregister.com/2022/12/2...](https://www.theregister.com/2022/12/23/lastpass_attack_update/)

ACCOUNT CARE: Never give, share, or change your password or any private profile information just because someone tells you to, including people you may seemingly know.

As a case in point, on Instagram someone I had friended many months ago suddenly tried to get me to change the email address on my account (I didn't, and blocked and reported that account as I knew at that point that the account had been hacked).

MFA: MFA (Multi-Factor Authentication) means using additional ways to authenticate yourself to a service. The concept comes from the different "factors" of proving your identity: something you KNOW, something you HAVE, and something you ARE (fingerprint, palm print, iris scan, etc.).

2-Factor authentication (2FA) is normally 2 of the three factors.

Most commonly these are something you KNOW and something you HAVE. You can use your phone for this (SMS message); an authentication app such as Google Authenticator or Authy; or something physical like an RSA Keyfob or YubiKey.

The concept is simple: you get a code (normally 6 digits), either generated by the app or device or sent to your phone via SMS, and you enter this into the site during login. Make sure you enable this on the site as soon as you can.

If the site doesn't support it, assume the site is not secure.

MFA BACKUP CODES: When enabling MFA that involves you using a physical device like your phone, you will usually be given a list of backup codes. These are codes you use to get into your account if your MFA device has been lost or stolen.

These codes are ONE-TIME USE codes, so only use them to get into your account if you need to disable MFA because you have a new device.

Make sure you save these backup codes; they may be the only way you can get into your account after your MFA device is lost/stolen, unless you raise tickets with the social network's support team, but from experience, that is never a good use of your time.