Twitter, like many other social media platforms, is a target for hackers and cybercriminals. The company has recently become the victim of a number of cybersecurity incidents that have resulted in the account names and passwords of users being obtained by criminals.
Each attack spells bad news for the company, and even worse news for users of the platform. They face an increased risk of suffering identity theft and fraud as a result of having their login credentials compromised. Twitter security measures were simply not good enough to prevent a data breach from occurring.
Twitter security bolstered with two-factor authentication
To address the situation, Twitter security has been improved with two-factor authentication. This is an important security measure to implement as it makes it harder for accounts to be hacked.
Two-factor authentication uses two means of identification to help ensure that accounts are only accessed by the correct individuals. In addition to entering a username and a password, Twitter now requires an extra element to verify the identity of the person trying to access an account.
A number of websites and online services have now added two-factor authentication to provide better protection for users of their online services. Google, for instance, added two-factor authentication in 2010.
Google’s reputation would be tarnished if it was hacked. The company proactively added the security measure to offer more protection to its account holders. Users of its services must supply a mobile phone number when opening an account. A unique code is then sent by SMS to the phone when a new device tries to access the account. Users can alternatively choose to have an email alert sent to advise them when a new device is used to access the account. This ensures that if someone tries to log in to an account on an unknown device, they will be prevented from gaining access, even if they supply the correct login name and password.
This is a vital measure for keeping accounts secure, and it has been adopted by a number of websites and social media platforms, although it appears to have taken a major data breach for Twitter security to be improved with this fundamental protection.
Social media accounts contain a considerable amount of data about the user. Should a criminal be able to gain access to an account, they would be able to gather a considerable amount of personal information that could be used to conduct a highly effective spear phishing campaign.
Two recent high-profile cyberattacks involved compromised Twitter accounts. They affected the UK’s Guardian newspaper and the American Associated Press. Hackers gained access to the accounts and released links to fake news items. Since the messages came from a trusted source, and contained click-bait links, the fake websites received hundreds of thousands of visitors.
The links were to fake articles detailing explosions at the White House – a potential terrorist attack – and a fake story about President Obama. Unsurprisingly, when news of the hacks emerged, stock prices plummeted.
Oftentimes, the hacking of a company’s social media accounts causes permanent damage to the brand image. The compromising of a social media account could even allow hackers to launch further attacks, especially if passwords are shared across multiple platforms.
Two-Factor Authentication – An Essential Security Control
If you want to improve the security of your website or online services, setting up two-factor authentication is one of the best protections to implement.
Login names are easily obtained by cybercriminals, and passwords can all too easily be guessed. Many people still use “password”, for example, or their date of birth. 1234567890 is also a surprisingly common password and one that is very easily guessed.
Enforcing secure passwords is essential. Force users to include capital letters, numbers, and special characters when creating passwords. Then add a second step that needs to be completed. Make sure the user registers an email address or a mobile phone number, and then verify these by sending an email or SMS text.
Whenever an access attempt occurs using a different device to that used during the registration process, a code should be sent via email or SMS. If that code cannot be provided by the user, the account should be blocked.
This will ensure that even if a password is obtained by a cybercriminal, access to the account will not be possible unless the person has also managed to gain access to the email account used to register, or has the victim’s mobile phone.
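The new-device check described above can be sketched as follows. This is an added example, not code from the original article or from Twitter or Google; the class name, status strings, five-minute code lifetime and three-attempt limit are assumptions chosen for illustration.

```python
import hmac, secrets, time

CODE_TTL = 300      # seconds a code stays valid (assumed value)
MAX_ATTEMPTS = 3    # wrong codes tolerated before the account is blocked (assumed)

class NewDeviceChallenge:
    """In-memory sketch; a real service would persist this state."""
    def __init__(self, clock=time.time):
        self.clock = clock
        self.key = secrets.token_bytes(32)  # keys the stored code digests
        self.known = {}       # user -> set of verified device ids
        self.pending = {}     # (user, device) -> [digest, expires_at, failures]
        self.blocked = set()

    def _digest(self, code):
        return hmac.new(self.key, code.encode(), "sha256").digest()

    def register(self, user, device):
        self.known.setdefault(user, set()).add(device)

    def login(self, user, device):
        """Call only after the password check passed. Returns (status, code)."""
        if user in self.blocked:
            return "blocked", None
        if device in self.known.get(user, set()):
            return "ok", None
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG-generated 6 digits
        self.pending[(user, device)] = [self._digest(code), self.clock() + CODE_TTL, 0]
        return "challenge", code  # caller sends this by verified email or SMS

    def verify(self, user, device, code):
        if user in self.blocked:
            return "blocked"
        entry = self.pending.get((user, device))
        if entry is None:
            return "no_challenge"
        if self.clock() > entry[1]:
            del self.pending[(user, device)]
            return "expired"
        if hmac.compare_digest(entry[0], self._digest(code)):  # constant-time
            del self.pending[(user, device)]  # codes are single use
            self.register(user, device)
            return "ok"
        entry[2] += 1
        if entry[2] >= MAX_ATTEMPTS:
            self.blocked.add(user)  # code could not be provided: block the account
            del self.pending[(user, device)]
            return "blocked"
        return "wrong_code"
```

The code is stored only as a keyed digest, expires after a fixed time, and is discarded once used, so an intercepted or leaked code has a short useful life.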