5 steps to safer social media in 2026: The settings you should enable right now

Social media offers a lot. From Facebook to LinkedIn and Instagram to TikTok, there's a reason to have the app of your choice (or all the apps) set up so that you can connect with friends, family, coworkers or even your followers. But you don't need me to tell you there are plenty of drawbacks to social media, and security and privacy risks are at the top of that list.

It might seem intimidating to try and control and handle the security settings for all of these apps. Each one offers different things, has different settings and permissions and has a different interface. However, if you know what you want to limit, curtail and protect, it's not that difficult.

I've compiled a handy checklist of where to start – and most importantly, where you can go to turn on the safety features of each app.

1. Set up two-factor authentication

We always recommend that you enable two-factor or multi-factor authentication on all your accounts whenever it's made available, especially for accounts that are likely to be targeted by hackers. That's because two-factor authentication (2FA) is often the best protection you have against your account getting broken into and then stolen.

While using 2FA is a great step forward, there are additional steps you can take that will keep you more secure. To be the most secure while using a two-factor authentication system, make sure you're using an app to generate codes, such as Google Authenticator or Microsoft Authenticator, which are two of the most popular. Most platforms will also allow you to download recovery codes: a list of 8-10 one-time-use codes that you can use to get back into your account.

2. Check your profile visibility

This basically means you have control over who can view your account. There are several reasons to do this, beyond just making sure that former friends and coworkers can't see pictures of your kids on vacation. Search engines can link to your profile when someone looks for your name (if you haven't disabled that option), you could potentially be allowing an app to give out your location, or you could be allowing an app to hand over your posts to an AI model to train it.

Each social media platform will have a place where you can check on and update your privacy settings. For Instagram, go to Settings then Account Privacy. From there you can set your account to Private Account, which will hide your followers, your following list and all your posts and stories from anyone you haven't approved. This is also the place where you can disable profile picture expansion, which prevents strangers from downloading your profile photos.

For Facebook, you can use the Privacy Checkup tool for a variety of tasks, from limiting who can look you up using your email or phone number to disabling the search engine indexing setting (which will stop your Facebook page from appearing in Google search results) and setting who can see your friends list, all of which will stop scammers from creating clone accounts.

On TikTok, turn off all the toggles under Settings, Privacy, Suggest your account to others, which will include syncing your account with contacts and friends. You can also disable Profile view history so others can't see that you visited their page, and set Downloads to off so people can't save your videos.

On X (Twitter), you can enable Protect your posts by going to Settings, then Privacy and safety and Audience and tagging. This turns your account private and only your approved followers can see your tweets. You can also set your Photo tagging setting to Only people you follow or Off, which means your handle won't get linked to photos you don't approve.

Finally, on LinkedIn, you can choose Private mode to browse profiles without people knowing you've viewed them, and set your profile to display only your last initial (to those who aren't your connections). You can also go to Settings, Data Privacy and Opt-out if you don't want LinkedIn to send your profile data to train its AI models.

3. Approve tags and mentions

There are some obvious reasons you'll want to know if you're being tagged or mentioned on a social media platform – maybe someone has posted a lovely old photo of you, or mentioned you for a job opportunity. On the other hand, maybe someone has posted a photo of you that you do not wish anyone else to see or mentioned you in regards to a failed project.

Control who sees what by making sure you get approval before it gets posted. In Instagram, switch to manual approval by going to Profile > Menu (3 lines) > Settings and activity > Tags and mentions. Then tap Manually Approve Tags and toggle the switch to On; your tags will stay in a pending folder until they're approved.

In Facebook, set manual approval by going to Settings & Privacy > Settings > Profile and Tagging. Then turn the toggle on for "Review posts you're tagged in before the post appears on your profile?" In the same section you can toggle on "Review tags..." so that you can manually approve tags as well. You'll get a notification if you get tagged and you can go to your activity log to approve or deny.

For TikTok users, you can control who can link to your account by going to Profile > Menu (3 lines) > Settings and privacy > Privacy > Mentions and tags. Then choose Friends or People you follow for mentions and tags.

X (Twitter) lets you leave a conversation by tapping the three dots on the post and selecting "Leave this conversation." This removes the link to your profile and stops further notifications. Additionally, you can go to Settings > Privacy and safety > Audience and tagging. Set photo tagging to Only people you follow or turn it off entirely.

Lastly, for LinkedIn, you can prevent all tags by heading to Settings & Privacy > Visibility > Mentions and tags then turn Mentions by others to off. You will have to check your notifications to see if you've been tagged, however.

4. Approve and check new device logins

Receiving a notification that a "new device has logged into your account" is often the first sign of a hack. These alerts aren't always enabled by default so you'll want to make sure you have them set up to grab your attention if someone is trying to – or worse yet, has gotten into your account.

This breaks down to two options: either enabling alerts for unrecognized logins, which will tell you the moment a new device accesses your account, or a periodic, manual check of the security settings that show which devices you're logged in on. You can see if there's anything out of date or that you don't recognize and boot it from the list.

For Meta (both Facebook and Instagram), head over to Settings & Privacy > Accounts Center then Password and Security. Click on Security Checks and tap Login Alerts. Select which account and select In-App Notifications and Email.

For X (Twitter), just go to Settings and Support > Settings and Privacy. Then select Security and account access > Security. From here, if you make sure that 2FA is on, you also get the benefit of automatic email alerts for all new logins. (But you will have to keep an eye on your email.)

TikTok users can go to Profile > Three-line menu > Settings and privacy. Then choose Security and tap Security alerts. This will give you a history of unusual activity; if you verify your contact information, you'll get instant alerts. There's also a 'Where you're logged in' audit list here that can be manually checked.

LinkedIn accounts are pretty straightforward: just go to Settings > Sign in & security > Where you're signed in.

If you see a login you don't recognize: Immediately log out of all sessions and devices. Next, change your password and update your 2FA. Lastly, and vitally, don't forget to update and check the recovery email and contact information on your account. Hackers will often change it to their contact info, so they can get back in.

5. Revoke app access

There are likely a handful of old games or services you don't use that still have access to your accounts, and these are risks if there's ever a data breach. If you've ever logged into something using Facebook as a shortcut, it's tied to your account.

Facebook and Instagram are similar but not quite the same. For Facebook, go to Settings & Privacy > Settings > Your Activity > Apps and Websites. For Instagram, it will be Settings and activity > Website permissions > Apps and websites. On either site you'll get a list of active, expired or removed apps; you can select anything you don't care to keep and remove it.

For X (Twitter), the path is a bit more complicated: Settings and Support > Settings and Privacy > Security and account access > Apps and sessions > Connected apps. Then you'll have to manually select each app to see what permissions it has, and then Revoke app permissions to disconnect it.

TikTok users can go to Profile > Menu (three lines) > Settings and privacy > Security > Manage app permissions. Then tap on any app and choose Remove access. LinkedIn is also pretty simple: Profile icon > Settings > Data privacy > Other applications > Permitted services. Then you'll see a service list to choose from; pick Remove from any you don't need, or don't use.


Amber Bouman
Senior Editor Security

Amber Bouman is the senior security editor at Tom's Guide where she writes about antivirus software, home security, identity theft and more. She has long had an interest in personal security, both online and off, and also has an appreciation for martial arts and edged weapons. With over two decades of experience working in tech journalism, Amber has written for a number of publications including PC World, Maximum PC, Tech Hive, and Engadget covering everything from smartphones to smart breast pumps. 
