Or how to stop worrying about who changed your organisation's Twitter password
If you work as part of an organisation or collective, then you have probably have organisational social media accounts which need to managed by multiple people, with whom the password has been be shared.
This poses multiple potential problems:
To avoid this from happening we can do two things:
We've provided details of what this means practically below.
How can you share access to a social networking account without sharing the password? Many services now provide features to jointly control an account without needing to share passwords. Different administrative roles can be assigned to the various users managing the organisation account. In the event that the security of one of the managers is breached (say due to hacked account or stolen password), then the other managers can revoke their privileges before further damage is done.
Instructions for how to use this feature on Facebook, Twitter and Gmail are given below.
Hopefully you know this already, but we've included it just in case.
Facebook allows users to create "Pages" that are designated for businesses and organisations and can be managed by multiple users. You can create a Page for your organisation using your personal Facebook account. (Visitors to the page won't be able to see that you are the manager of a page, but if public association with the page is a security concern for you then you should first create a dummy facebook account which you can use to create the page for your organisation).
To give admin privileges to other people in your organisation, follow the steps below:
From your newly created Page, click on the
Settings link in the top right:
Page roles on the left sidebar menu:
In the textbox in the section labelled
Assign a new Page role, enter the name of your colleague with whom you want to share page management rights. (They have to have their own Facebook account of course):
Select a role for your colleague from the dropdown menu next to the textbox:
Facebook allows you to choose from a number of different roles, each of which have a different set of admin privilieges. For details, click here.
Addbutton, and you're done:
To remove or change the admin privileges of anyone:
Scroll down to the
Existing Page roles section and click on the
Edit button next to the name of the person whose role you want to change.
Twitter allows multiple user to share control of an account by using the Teams feature on TweetDeck.
(Currently, this can only be done from a desktop, but the feature is expected to be incorporated into Twitter's mobile app soon.If it is essential for you to use a mobile device for a shared Twitter account, then jump down to the
Sharing passwords safely section).
After creating a new Twitter account for your organisation, log into it through TweetDeck by opening https:/tweetdeck.twitter.com in your browser and follow the steps below:
Click on the
Accounts button in the bottom left side of the TweetDeck window:
Click on the
Manage team button:
Type the Twitter handle of the person you wish to share the account with in the textbox labelled
Add a team member:
To confirm your decision, click on the
You can now also choose whether to make this person a "Contributor" who can tweet from the organisational account, or an "Admin" who also is able add and remove other team members. To do this, click on the
Change role link of the person you just added:
then choose between
Contributor and click on the
The user to whom you assigned management rights will receive a team invitation notification when they log in to TweetDeck, which they will need to accept in order start tweeting from the organisation's account:
You may have an email that you wish to share access to with other team members, such as a generic info email address. If you are using Gmail then access can be shared without having to exchange passwords.
After logging in to the Gmail account of the account you wish to share, open the settings from the dropdown menu in the top right:
Click on the
Accounts and Import tab:
Grant access to your account section, click on
Add another account:
In the popup window, enter the email address of the person with whom you want to share access to the account (it must be a Google account):
Confirm your decision by clicking on
Send email to grant access:
Not all online services have features for sharing accounts, in which case you may have to choose between not using the service at all, or sharing a password between multiple people. If it is necessary to share a password, then make sure you doing is using secure means, so that it does not fall in to the wrong hands.
Don't share it unencrypted:
More secure methods include:
Bear in mind that if you choose to share a password, then you may be unable to use two-factor authentication to keep your account safe. Also remember that the more people who have the password to an account, the higher the chance of it being compromised.
If you have any questions about this, or have requests about what to cover in future posts, send us an email!