What Happens When Social Media Passwords Get Lost During Leadership Changes?

Throughout my many, many years on this planet, I have been on a lot of boards: Cultural commissions, moms groups, financial planning organizations, women's networking groups...you name it, I've volunteered for it.

As anyone who has sat on a board knows, this type of volunteering is not without its challenges. But since the advent of digital marketing and social media, those challenges have multiplied.

I'm always excited to lend some marketing expertise to a board or organization, but there's usually one question that stops everything before we even get started:

Who has your login information for your social media accounts?

I don't think I've stepped onto a board in the last 10 years where someone knows all of the passwords and has access to all of the accounts. This is usually complicated by the fact that somewhere along the way - because they couldn't find what they needed - whoever was in charge at the time just decided to chuck it and start all over again. This means that some organizations have multiple accounts, pages, and groups that confuse anyone trying to look for more information.

This is frustrating for everyone involved.

The problem is that with many social media platforms, they have to be started by a person. A Facebook page has to be tied to a personal Facebook account. LinkedIn pages are usually attached to whomever created them. Someone left a board and took the phone number that a verification code is sent to for MailChimp with them.

It's a mess.

So, let's talk about how you can avoid this. AND what to do if you're already in this pickle.

Never Tie Accounts to One Person

This is the biggest mistake. Social media accounts should belong to the organization, not the volunteer, employee, or board member who happened to create them.

That means:

• Use an organization-owned email address (like info@ORGANIZATIONNAME.com)

• Avoid creating pages through someone’s personal login when possible

• Make sure multiple approved people have admin access

Create a Shared Password & Access System

One of the easiest ways to avoid losing access to social media accounts during leadership transitions is to use a centralized password manager. Instead of passwords living in someone’s notebook, inbox, or memory, everything is stored securely in one place that authorized leaders can access when needed. Platforms like 1Password, LastPass, and Bitwarden make it much easier to keep things organized by storing usernames, passwords, recovery emails, backup codes, linked phone numbers, and two-factor authentication information all together.

The key is making sure access isn’t limited to just one person. At least two or three leaders should be able to access the system so the organization isn’t scrambling if someone steps down, changes roles, or disappears with the login information.

Keep an “Account Ownership” Document

Every organization should have an internal document listing:

• every social platform

• the handle/URL

• who has admin access

• what email owns the account

• where 2FA codes go

• renewal dates for related tools

• who to contact if access issues happen

This sounds basic, but most organizations don’t have it.

Use Role-Based Access Whenever Possible

Many platforms let people manage pages without sharing passwords.

For example:

• Meta Business Suite allows different permission levels for Facebook and Instagram

• LinkedIn Page Admins allows multiple super admins and content admins

Audit Access During Leadership Transitions

Any time leadership changes, do the following:

• remove former admins

• update passwords

• verify recovery emails and phone numbers

• confirm two-factor authentication access

• review who still has publishing rights

What If the Page Is Tied to Someone’s Personal Facebook or LinkedIn?

This is incredibly common, especially with nonprofits, boards, and volunteer-run organizations: Someone created the page years earlier using their personal Facebook or LinkedIn account because it was the fastest way to get things set up.

At the time, nobody was really thinking about admin permissions, ownership, or what happens if that person eventually leaves the organization. Then leadership changes hands and everyone realizes the account is basically tied to one person instead of the organization itself. The good news is that it can usually be figured out, although the process depends on the platform and how the page was originally created.

Facebook Pages

A Facebook Page is always initially connected to a personal Facebook profile. That part is normal. It becomes a problem when only that person has admin access and they left the organization years ago.

If you can, have the original creator:

1. Add multiple organization leaders as admins through Meta Business Suite

2. Transfer primary control to the organization

3. Remove themselves later if appropriate

If that's not possible, Facebook does have a page ownership dispute/recovery process, but it can be slow. The organization may need:

• proof of trademark or organization ownership

• incorporation documents

• domain-based email addresses

• proof the page represents the organization

Sometimes recovery works. Sometimes organizations end up rebuilding from scratch. That's why it's important to stay on top of this from the beginning.

LinkedIn Company Pages

LinkedIn Pages are often tied to whoever created them. If that person leaves without adding additional admins, it becomes a problem.

If you’ve lost access, LinkedIn support may restore access if you can prove:

• you represent the organization

• you have an email domain matching the organization

• the page legitimately belongs to the organization

One More Thing to Think About

One of the biggest mistakes organizations make is allowing social media to become “one person’s thing.” One volunteer starts handling everything, one board member keeps track of all the passwords, or one employee becomes the only person who knows how the accounts work.

Even when that person is completely trustworthy, it still creates risk for the organization if they leave, step down, or become unavailable. Social media access should be treated the same way you would handle banking access, website ownership, domain registration, or email administration.

Remember that in many cases, your social media following and audience are real organizational assets, and there should be systems in place to make sure the organization — not just one individual — maintains control over them.