Social media accounts are often targets for hacking or hijacking, which can have a significant negative impact on UVic’s reputation. 

To guard against this, strong passwords should be used for all social media accounts along with two-factor authentication.

If an email account is used as a login for the account, that email address should also have a strong password.

Two-factor authentication

Most social media platforms have the option to have two-factor authentication enabled. This usually means using a third-party app like Duo or having a mobile phone associated with the account. It it is best that the phone and e-mail used for login are UVic-affiliated.

Changing passwords

If you provide students with access to your accounts, such as for an Instagram takeover or a Facebook Live, it is important to do a regular audit of who has access. This may include regularly updating the password or adding and removing profiles with administrator access. Regardless, the password on your account should be changed every 2-3 months, if not, more frequent. You should always change your password if you suspect your account has been hacked, there is a data breach or you disocver malware on your device. 


For social media accounts where a single login is not used (such as Facebook pages), at least two people should have administrative rights at all times. This is to ensure that someone always has access to the account, even if someone leaves the university or is away sick.

It is against Facebook's Terms of Service to have multiple Facebook profiles for the same person. It is also against Facebook's Terms of Service to use something other than your "real name" on Facebook. If discovered, Facebook may delete one of your accounts. This means you should not create a second "work" Facebook profile to manage your UVic Facebook page. Please contact for assistance.