New Account Setup
Questions to Ask Before Starting a Social Media Account.
What are your goals?
Have a clear plan and purpose for an account before you start.
Could you benefit from a partnership or collaboration with other on-campus account(s)?
There are dozens of social media accounts listed on our social media directory.
Do you have the resources to manage your account(s)?
Running a social media account requires time and dedication. Be sure that your account administrators are comfortable managing the account after hours.
What will you post and how often?
In order for your account to be successful you will need to post regularly, year-round.
How will you evaluate success?
How will you track the number of engaged users? What constitutes success according to your department’s goals?
Account Setup Requirements
Register your account
Please do not create a new account until you've registered with the Division of Marketing and Communications and been approved.
At least one social media account administrator must be a full-time employee. A minimum of two faculty or staff members must have access to the accounts.
Use shared @txstate.edu email accounts
The account's email address must remain tied to a limited-access, shared @txstate.edu email address (i.e. a shared mailbox or a distribution list).
Personal email accounts or individual work email accounts must not be used.
Mark accounts as official
Accounts must be marked as “official” where the channel allows (e.g., in a Twitter bio or in Facebook's “About” section).
Accounts must also provide contact information or links to a relevant txst.edu page.
Follow Social and Brand Guidelines
Accounts should follow the university's brand and visual guidelines.
To maintain the highest level of security for your new account, we have some recommendations from the IT Assistance Center.
Storing and sharing passwords
- The account’s credentials must remain stored in LastPass Enterprise.
- LastPass password sharing features may be used to share credentials to authorized TXST personnel as required. As with other scenarios, the use of multiple LastPass Enterprise Shared Folders is highly recommended in cases where varying levels of access to credentials are required amongst members of a department.
- Every semester, accounts, password shares, and permissions must be internally reviewed to check for excessive permissions and inappropriate access.
- Upon a user’s loss of a need to access a given account, their access to the account and associated credentials must be promptly revoked and the credentials changed.
- In-account permissions and access to credentials via LastPass must be provided in a fashion that fits the model of least privilege.
Remember: Account credentials must not be provided directly to Meltwater, Hootsuite, or other third-party platforms aside from the TXST instance of LastPass Enterprise; in-application permissions and authorization tools must be used to grant access to authorized third parties.
Password for social accounts must be:
- Unique (i.e., not users’ NetID passwords or derivative of other passwords)
- Randomly generated via LastPass Enterprise
- Composed of as many character types as the service supports (i.e. upper-case letters, lower-case letters, numbers, and symbols)
- Set to at least 15 characters in length
- Changed annually or when a user with access to the password loses their need to access the account, whichever comes first
Turn on multi-factor authentication
Where it’s available, multi-factor authentication (such as two-step authentication) should be implemented on official accounts and any accounts linked to official accounts. For more information on multi-factor authentication see the links below: