How to Jointly Manage Your Team's Online Accounts Safely

Or how to stop worrying about who changed your organisation's Twitter password

If you work as part of an organisation or collective, then you have probably have organisational social media accounts which need to managed by multiple people, with whom the password has been be shared.

This poses multiple potential problems:

  • When you share a password with someone else, there's a chance that someone else can intercept it if you don't share it through a secure method.
  • Anyone who has access to the password can change it and lock everyone else out from the account.

To avoid this from happening we can do two things:

  1. Avoid sharing passwords wherever possible
  2. If it is necessary to share a password, then make sure you do it securely.

We've provided details of what this means practically below.

Avoid sharing passwords

How can you share access to a social networking account without sharing the password? Many services now provide features to jointly control an account without needing to share passwords. Different administrative roles can be assigned to the various users managing the organisation account. In the event that the security of one of the managers is breached (say due to hacked account or stolen password), then the other managers can revoke their privileges before further damage is done.

Instructions for how to use this feature on Facebook, Twitter and Gmail are given below.

Facebook

Hopefully you know this already, but we've included it just in case.

Facebook allows users to create "Pages" that are designated for businesses and organisations and can be managed by multiple users. You can create a Page for your organisation using your personal Facebook account. (Visitors to the page won't be able to see that you are the manager of a page, but if public association with the page is a security concern for you then you should first create a dummy facebook account which you can use to create the page for your organisation).

To give admin privileges to other people in your organisation, follow the steps below:

  1. From your newly created Page, click on the Settings link in the top right: Facebook page roles screenshot

  2. Click on Page roles on the left sidebar menu: Facebook page roles screenshot

  3. In the textbox in the section labelled Assign a new Page role, enter the name of your colleague with whom you want to share page management rights. (They have to have their own Facebook account of course): Facebook page roles screenshot

  4. Select a role for your colleague from the dropdown menu next to the textbox: Facebook page roles screenshot

    Facebook allows you to choose from a number of different roles, each of which have a different set of admin privilieges. For details, click here.

  5. Click on the blue Add button, and you're done: Facebook page roles screenshot

To remove or change the admin privileges of anyone:

  1. Scroll down to the Existing Page roles section and click on the Edit button next to the name of the person whose role you want to change. Facebook page roles screenshot

  2. From here you can change their role, or revoke all their admin privileges entirely by clicking on the Remove button.

Twitter

Twitter allows multiple user to share control of an account by using the Teams feature on TweetDeck.

(Currently, this can only be done from a desktop, but the feature is expected to be incorporated into Twitter's mobile app soon.If it is essential for you to use a mobile device for a shared Twitter account, then jump down to the Sharing passwords safely section).

After creating a new Twitter account for your organisation, log into it through TweetDeck by opening https:/tweetdeck.twitter.com in your browser and follow the steps below:

  1. Click on the Accounts button in the bottom left side of the TweetDeck window:

  2. Click on the Manage team button:

  3. Type the Twitter handle of the person you wish to share the account with in the textbox labelled Add a team member:

  4. To confirm your decision, click on the Authorize button:

  5. You can now also choose whether to make this person a "Contributor" who can tweet from the organisational account, or an "Admin" who also is able add and remove other team members. To do this, click on the Change role link of the person you just added:

    then choose between Admin and Contributor and click on the Confirm button:

  6. The user to whom you assigned management rights will receive a team invitation notification when they log in to TweetDeck, which they will need to accept in order start tweeting from the organisation's account:

  7. Now, when the delegated user starts a new tweet from TweetDeck, they will be given the option to tweet from the organisation account by clicking on its profile picture:

Gmail

You may have an email that you wish to share access to with other team members, such as a generic info email address. If you are using Gmail then access can be shared without having to exchange passwords.

  1. After logging in to the Gmail account of the account you wish to share, open the settings from the dropdown menu in the top right:

  2. Click on the Accounts and Import tab:

  3. In the Grant access to your account section, click on Add another account:

  4. In the popup window, enter the email address of the person with whom you want to share access to the account (it must be a Google account):

  5. Confirm your decision by clicking on Send email to grant access:

  6. The delegated user should now receive a confirmation email after which they will be able to access the shared account. Now when they click on their profile picture in the top right of the Gmail window they will be able to select the shared account:

Sharing passwords safely

Not all online services have features for sharing accounts, in which case you may have to choose between not using the service at all, or sharing a password between multiple people. If it is necessary to share a password, then make sure you doing is using secure means, so that it does not fall in to the wrong hands.

Don't share it unencrypted:

  • over email
  • over a phone call
  • in an SMS

More secure methods include:

Bear in mind that if you choose to share a password, then you may be unable to use two-factor authentication to keep your account safe. Also remember that the more people who have the password to an account, the higher the chance of it being compromised.

If you have any questions about this, or have requests about what to cover in future posts, send us an email!