Facebook is the most secure social networking site among the major players, thanks to improved privacy controls and support for more secure two-factor authentication technology, but the social media sector as a whole remains vulnerable to different types of account takeover.

According to a study released Tuesday by access management vendor Cerby, the biggest area of concern common to the five platforms it studied — Twitter, Facebook, Instagram, TikTok and YouTube — was poor support for enterprise-grade authentication and authorization technology. Cerby said that support for cross-environment authorization technology like Simple Cloud Identity Management (SCIM) and Security Assertion Markup Language (SAML) would go a long way toward securing social media networks more effectively.

“Without these standards, political figures and businesses are vulnerable to several security risks, including credential reuse attacks,” the report said in part. “The unchanged nature of these scores from 2022 to 2023 highlights a misalignment concerning enterprise-grade security controls within these platforms.”

The news was brighter for other types of security controls. Facebook, YouTube and Twitter all support the FIDO2 framework, an open standard that uses authenticators like smartphone or hardware security keys to provide two-factor authentication — an improvement over time-sensitive passcodes sent via SMS.

Access privilege management was generally strong across the social networks studied by Cerby, with no company rating lower than three out of five. (The report uses a six-point scale to rate the social platforms across six different criteria, with a zero meaning no support and no roadmap for incorporating a particular feature, and five indicating full, mature support.)

Ahead of major elections in the US and EU, the broadly positive outlook for social media security shouldn’t distract organizational users and the platforms themselves from making continual improvements.

“The significant need for progress in enterprise-grade authentication and authorization across social platforms remains challenging,” the report said. “These platforms broadly fall into the nonstandard application category, needing more support for common security standards like SAML and SCIM, leaving politicians and businesses adrift in turbulent waters with minimal oversight from IT and security teams.”

Cerby offered three major pieces of guidance for political leaders and businesses looking to employ social media in the safest way possible. First, password managers integrated with corporate identity providers should be used to minimize the dangers posed by reused or weak passwords. Second, the strongest possible two-factor authentication methods should be used — the company suggested hardware-based security keys like YubiKey. Finally, integrating social media platforms with existing SSO platforms like Azure Active Directory or Okta can help centralize management of credentials and access tokens.