Enhance your password security.

Get Started
CTA icon
How to store client social media passwords correctly

How to store client social media passwords correctly

February 2, 202410 min read

Business

States and governments are constantly introducing privacy laws that mirror the notable European GDPR and California's CCPA. Security and privacy must be a high priority for agencies handling data (like client social media passwords).          

Storing client passwords securely is necessary not only to comply with laws and respect people's privacy, but also to maintain your reputation as a business. If your company earns a reputation for password mismanagement and causing leaks or data breaches, you'll battle to find anyone who wants to work with you!

How do you store client social media passwords correctly?

With a password manager. 

Let's learn why a password manager is the best tool for the job, and how to use it effectively and efficiently. 

[Table of Contents]

Secure password management doesn't have to be expensive or disrupt workflows. TeamPassword is an affordable password manager designed for small businesses, startups, and agencies. Sign up for a 14-day free trial to experience the ease and efficiency of robust password security with TeamPassword.

               

The Importance of Onboarding Clients Safely

Firstly, violating GDPR, CCPA, and other State regulations could result in hefty fines. In Europe, under GDPR, the maximum penalty is £20 million or 4% of annual turnover. Google, British Airways, H&M, and Marriot have all learned this the hard way—each receiving fines over €10,000,000.

CCPA punishes California-based organizations similarly to GDPR and can take action against companies outside of California and the United States for data violations against its citizens. Virginia, New York, Massachusetts, Maryland, and Hawaii are working on similar data privacy laws with severe fines and penalties.

New privacy laws are always in the works - research your own area to stay abreast of laws applying to your or your business. 

While most agencies don't operate anywhere near the turnover of the multinationals mentioned above, a relative fine will still hurt cash flow and your brand's reputation. 

A secure and professional onboarding experience will not only ensure you comply with legislation, but it'll impress your clients and build trust. If your customers know they're in safe hands, then they're less likely to look elsewhere.

Examples of Poor Onboarding Practices & Associated Risks

When agencies onboard new clients, they typically require access to social media accounts and any tools—social media management, analytics, research, etc. This access means clients need to share their passwords with your company.

Here are some of the ways agencies onboard clients, the associated risks, and why you should avoid using them.

              

Email

Email is a common way for clients and agencies to share passwords. It's also one of the most dangerous! 

If someone breaches an employee or client's device, all they have to do is search your email using keywords like "password" or "Instagram password," and the relevant emails will appear. Even if you delete the emails, they usually stay in your deleted folder for 30 days. 

It's also very easy to share emails, and you have no control over where employees, contractors, or freelancers forward these passwords—even if it's a mistake!

           

Spreadsheets

Like email, spreadsheets are easy to copy and share. They're also simple for hackers to find when they breach a device. 

Spreadsheets are particularly bad for sharing passwords because you generally store multiple credentials in one place—making it easy to steal an entire asset list. Worse still, if you keep all your client's credentials in one spreadsheet under multiple tabs! 

The biggest issue with spreadsheets is that you can't segment access without creating multiple spreadsheets, which can become confusing if you deal with many clients and teams.

It's a cybersecurity best practice to give each person the minimum access they need to do their job. This includes passwords, tools, credentials - anything that can be misused in the wrong hands. If you store passwords in spreadsheets, it's incredibly inconvenient to follow this best practice. 

Text & Messaging Apps

Another common way people share passwords is via text or messaging apps like Facebook Messenger, WhatsApp, Slack, and others. This method exposes similar vulnerabilities to email and spreadsheets where you have no control over unauthorized sharing. You also have to worry about team members losing their devices! 

Many of these apps store your messages on a server, which means they're vulnerable to data breaches—which happen more often than you think!

                       

Forms

Another way agencies onboard clients and capture data like passwords is by using forms. A little more secure than other methods, but where do those submissions go? And how do you store and share the passwords once you receive them? 

Form submissions often end up in email inboxes, which defeats the point of "securely transferring" data from your clients. 

The most significant risk with these four onboarding methods is that employees use and share raw credentials. If you're sharing passwords with freelancers, then that's even more problematic!

             

How to Build Trust and Onboard Clients Securely

So, how do you receive data like client social media passwords securely? And how do you store and share credentials with coworkers safely? 

With TeamPassword, you can capture client social media passwords and share those credentials with your teams. Here's how...

                  

First, create a TeamPassword group for your client.

  1. If you haven't already, sign up for a TeamPassword account. It's free to try for 14 days—no credit card required.
  2. Navigate to your organization profile under Manage Teams.
  3. Click Groups and Add a Group.
  4. Use your client's name for the group and click Save Changes.

                   

Now, it's time to onboard your client and enter their passwords directly into TeamPassword's encrypted vault. TeamPassword's minimalist UI makes it easy to navigate and enter the required information.

undefined

  1. Under People, click Invite Your Team.
  2. Enter your client's email address, set the Permission level to Member. Under Add to groups (optional): check the box next to your client's name and click Send Invitation.
  3. Your client will receive an invite to join your TeamPassword account. They accept the invite by following the email link and creating a username and password.
  4. On the dashboard, your client clicks the blue and white + button to add a new password.
  5. Now, they fill in:
    1. Name Easily identifiable such as Acme - Instagram. This makes it searchable and differentiates it from your other clients' Instagram accounts. 
    2. Login URL If unsure, have them enter the root domain - https://www.instagram.com for example.
    3. Username and Password fields.
    4. Notes: they can use this field to add any additional instructions.
  6. Share with: your client should check your company name (not Only Me (Private))
  7. When they click your company name, a second box will appear where your client needs to check their name and not Everyone at (Your Company).
  8. Lastly, they click Save, the password saves to your account and immediately appears on your TeamPassword dashboard.

                   

Your client repeats steps 4 to 8 for all of their passwords, and you have securely captured their data without exposing credentials.  

As the account owner, you can edit your client's credentials to correct any onboarding errors. 

We highly recommend resetting all of your client's passwords to ensure they're strong and every account has unique credentials. Your client can view the new credentials and use TeamPassword's browser extensions or mobile app to continue to log in to their accounts. 

It's a good idea to share an instructional video (using Loom or similar) or provide live onboarding to guide them through the process.

                     

If your client isn't using a password manager, encourage them to sign up for TeamPassword to securely store and share all of their company credentials.

                

Common Password Security Risks

Here are the top five mistakes companies make when sharing passwords with teams.

  1. Creating Weak Passwords: weak passwords make it easy for attackers to breach your digital assets. Never use your company/platform (like Instagram or Twitter) name, sequential numbers (123), and other easy-to-guess personal/company information. TeamPassword features a built-in password generator, so teams always create strong, random passwords with uppercase, lowercase, numbers, and symbols.
  2. Storing Passwords in Plaintext: plaintext includes emails, digital note pads, spreadsheets, messaging apps. TeamPassword uses AES 256-Bit encryption to store your passwords. We hash, salt, and encrypt data locally on your computer before uploading them to our servers. Not even TeamPassword employees can view your passwords!
  3. Reusing Passwords: reusing passwords exposes you to credential stuffing attacks where hackers use the same credentials to access other accounts using the same username and password combination. With TeamPassword's password generator, you can create unique credentials for every account.
  4. Memorable Passwords: we often create passwords using memorable words or phrases, like pets/family names, street addresses, mobile numbers, etc. Hackers know this! With some social media research, criminals can gather "keywords" about your life and add them to password-cracking algorithms to perform what's called a dictionary attack—a highly focused brute force attack where algorithms try username and password combinations until they find a match.
  5. Changing Passwords Frequently: if you're not using a password manager or password generator, changing passwords too frequently could expose vulnerabilities. Employees tend to develop password-creation patterns which hackers can use to guess your credentials or refine algorithms for a dictionary attack.

                         

When you're working with high-value clients, these sorts of password attacks are not out of the realm of possibility! Always use a password manager to keep your client's social media passwords and other digital assets safe from attack!

                                      

Try TeamPassword for Free

Sign up for a free TeamPassword trial to test our password manager with your team and clients. Stop using poor onboarding practices and provide peace of mind for your clients with TeamPassword.

facebook social icon
twitter social icon
linkedin social icon
Enhance your password security

The best software to generate and have your passwords managed correctly.

TeamPassword Screenshot
Recommended Articles
Silver keys on a dark background.

Password Management

January 29, 20246 min read

Password Protection Best Practices for Digital Agencies

Password protection for digital agencies is more important than ever as hackers continue to target businesses working with ...

Sharing Social media credentials with teammates

Password Management

January 24, 202410 min read

Sharing social media credentials with teammates

Secure your company's social media accounts and other digital assets with TeamPassword's robust password management solution today!

9 Best tools for marketing agencies

Business

October 17, 202314 min read

9 Tools for Marketing Agencies in 2024 | Start Your Year Right

Here are nine best marketing tools to manage your business, contract workers, freelancers and more. Also, start using ...

The Password Manager for Teams

TeamPassword is the fastest, easiest and most secure way to store and share team logins and passwords.