It seems like every couple weeks we hear a story about a major YouTube channel getting hacked and having their content deleted. Thankfully, Google provides a number of ways creators can prevent this from happening. However, as channels grow, they tend to add channel managers to their team, increasing vulnerability with every addition.
The most common way channels are hacked is by the hacker acquiring a YouTube channel manager’s login and password. They do this by phishing, planting a keylogger, or even using a brute force attack.
Perhaps the strongest form of hack protection is two-factor authentication. YouTube’s version works by sending a notification to the user’s mobile phone whenever they try to log into YouTube or any other Google service. It then asks the user to verify that it’s them who is trying to log in. For this, you’ll need to match a number that appears on both screens.
With two-factor authentication, any attempt to log in to an account, even with the correct password, requires access to a user’s mobile device.
So setting up two-factor authentication as the sole person with access to a YouTube channel is a pretty fool-proof way of protecting it. However, complications arise when users allow others access to their channel.
Let’s say your channel is run by you and three friends. To be able to manage the channel — i.e., upload and edit videos — your friends need at least a ‘Manager’ level role. Unfortunately, this role also gives them permission to delete videos. You can probably see where this is going.
There are two problems here. First, if you’re not using a G Suite account to manage everyone’s accounts, you’ll have to rely on the word of your three friends that they’re using two-factor authentication. Second, the more people you add to your team, the more likely someone will try to assure you they’re using two-factor authentication when they’re really not.
It only takes one Channel Manager without two-factor authentication to make a channel vulnerable to being hacked.
The only real way to maximize security is to administer logins yourself with a G Suite account. You’ll start by registering your domain name, then administer your team new Google accounts. Inside G Suite is an option to require two-factor authentication in order to log in to those accounts. Once you do all this, you can remove every Channel Manager account which you don’t directly administer and add those that you do.
Hacked channels is a serious problem that’s worse for small channels than large ones. If PewDiePie gets hacked and his videos are deleted, you can bet YouTube will prioritize getting his channel back online as soon as possible. But YouTube has over 31 million channels. How likely do you think it is that they’ll make it a priority to address hacks on the lower-end of the subscriber spectrum? As someone who runs a YouTube channel, it’s in your best interest to take precautions to make sure it never happens to you.