Tips for Using Social Media Securely

Social networks allow you to communicate with family, friends, colleagues and acquaintances, share your photos and videos, and much more. However, you must not underestimate the dangers of social networks, for example from those who commit identity theft or attempt to uncover private information. We have some easy-to-implement BSI tips that you can follow to secure your online social life.

The top 3 basic tips: Simple ways to secure your social media

1. Top of the list, secure passwords!

Use unique and complex passwords for logging into social networks. A secure password should meet the following criteria:
  • You must be able to remember the password easily.
  • The longer the password, the better. The password should be at least eight characters long.
  • Passwords can usually contain all of the available characters, namely upper- and lower-case, numbers and special characters.
  • The full password should not be a word in the dictionary. Common sequences of numbers or keyboard sequences also cannot be considered secure when it comes to passwords.
  • Simply adding numbers or special symbols before or after normal words is not recommended.
  • A password manager can make it easier to deal with your various passwords. These are applications that can manage secure passwords for your online and user accounts and can also generate them. To use one, you need what is referred to as a master password. This is what you use to access your password manager. You should therefore make sure that it is a secure password that you can remember. Under no circumstances should you give your password to third parties.

2. Double-locking: Two-factor authentication

Use two-factor authentication to access your user account for social networks. What does this mean? The first factor may, for example, be a secure password. The second factor for additional authentication may, for example, be a hardware component that acts as a key. This could be your smartphone, a chip-and-pin card or a special USB stick. A one-time-code system sent by providers is another common solution. This provides significantly better protection for your user account because criminals who have your password still cannot log into your account without the second factor.

3. Keep your eyes open: Do not click on links or buttons without thinking!

Online criminals use social networks to entice users with posts or links in chats to manipulated websites that they can use to get hold of the recipient's log-in details or to infect their devices with malware. Careless clicking can lead to malware being installed on your device. Be particularly wary when you receive messages from strangers and do not click on any links. The profiles of contacts that you do know can also be misused if, for example, third parties have gained access to them via identity theft.

Further important tips, including on device protection and privacy

Be careful when installing apps, add-ons and plug-ins

Many social networks allow you to install applications from third-party providers, such as games. Depending on the network, these are referred to as apps, add-ons or plug-ins. Together they provide you with everything you need to equip your profile with additional functions or to adjust it to your personal requirements. However, these apps can also be created or hijacked by online criminals, and then used to gain access to your profile. You should therefore check the trustworthiness of providers and sources.

Protect your mobile device

Social networks are often used on mobile devices like smartphones or tablets. You should therefore ensure you have strong basic protection in place for your software and hardware. Operators or third-party providers make apps available to access these networks. These can often access sensitive data stored on the mobile device. This includes the address book, photos, videos or location data. In addition, you are generally continuously logged into the social network automatically through these apps. If you lose your device, this can be abused by the finder or thief pretending to be you. You should therefore protect access to your mobile device using a lock code, a PIN or password, your fingerprint or facial recognition.

Further information on basic protection of mobile devices.

Be selective with contact requests

Identity theft is one of the risks of the digital era. Criminals take on the identity of another person in order to pretend to be them, communicate in their name or perhaps misuse the identity for criminal activities or illegal online transactions. Often they simply need to copy the profile photo and names of an individual and create a new user account. This means the perpetrators may also be people that you know. If you receive dubious contact requests from people you know, check the authenticity of this request outside of any social networks.

Only accept people into your friend or contact list if you are sure that they are authentic user profiles. The age of a profile and the previous posts can be a useful clue here.

Protect your privacy and do not give too much away

Every social network provides a large number of settings to protect your privacy. Use these particularly when you only want your friends to see your profile and your posts. You can also set your profile to be ignored by search engines. The less personal data you publish, the smaller the scope for attack that you provide to criminals, such as the ones that want to take over your digital identity.

Delete your account if you no longer need it

If you want to shut down your account, save your data outside of the network and then delete the data within the account. Then follow the provider's procedure for deleting the user account precisely. In some cases, this will also mean that you must not log back in within a certain period of time.

Data protection and General Terms and Conditions (GTCs)

Social networks are operated by for-profit companies that are mainly financed through advertising. The GTCs lay out how the providers handle your personal data and how it is forwarded on to the advertising industry. Familiarise yourself closely with the GTCs and the Privacy Policy, and do so before creating your profile.

Some social networks apply usage rights to what you publish. This means that you, for example, transfer usage rights to your photos and videos to the operator of the social network. It is also common for the usage rights granted to continue to exist once you leave the network and delete your profile. Think before posting whether you want to share the rights to your images and texts. Make sure that you are not infringing the rights of third parties when you post images, texts or videos.

The BSI has issued an overview with information on technical settings for the most commonly used platforms like Facebook, WhatsApp, Instagram and Twitter.