8:45:00 AM
valgeo
Alongside the buzz about Twitter becoming our primary source of news
is the realization that not everything you read on the microblogging
network can be trusted. Usually, this is because people are too quick to
tweet without verifying facts, but sometimes it's because the person
behind the tweets isn't who you think they are.
This is exactly what happened to the Associated Press on Tuesday, when the wire service's Twitter account @AP was hacked, and sent out a false tweet about the White House and U.S. President Barack Obama.
Recently, a number of prominent Twitter accounts, including those of 60 Minutes and CBS News,
were reportedly hacked by Syria. While I don't know how the AP's
account was hacked, or who did it, I do know that it should not be
happening.
How to Prevent Hacks
There are several relatively simple ways to prevent Twitter hacking.
The first, which may be obvious, is for people and brands to do a better
job of managing their Twitter security by using more complex passwords,
and incorporating password-management tools (e.g. LastPass, Norton
Internet Security).
The other option is for Twitter to introduce two-factor
authentication. For the uninitiated, "two factor" means two barriers to
entry. For example, when signing in, users must enter their password, as
well as a security code that they can only access from a personal
device, such as a smartphone.
For Google, which has the option of two-factor authentication on its apps (Microsoft recently introduced it,
as well), it works like this: When you sign into a new device for the
first time, Google’s security system sends you a code via text, voice
call or mobile app. Enter the code from your phone during sign-in, and
you’re good to go. What's more, you don’t have to go through this
process every time: Google can remember your device for 30 days.
Simply put, it enables two levels of protection, and makes it much
harder for someone who stole your password to simply sign in as you from
another computer: The second-factor authentication would show up on
your phone — not theirs.
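The sign-in flow described above (password first, then a code delivered to the phone when the device is new, then a 30-day remembered device) can be sketched as follows. This is an added example, not code from the article or from Google; the names Account, sign_in and outbox, the five-minute code lifetime and the single-use rule are assumptions made for illustration.

```python
import hashlib, hmac, secrets

REMEMBER_SECONDS = 30 * 24 * 3600  # remembered-device window from the article
CODE_TTL_SECONDS = 300             # assumed lifetime of a delivered code

class Account:
    def __init__(self, password):
        self.salt = secrets.token_bytes(16)
        self.pw_hash = self._hash(password)
        self.device_key = secrets.token_bytes(32)  # signs remembered-device tokens
        self.pending = None                        # (code, expires_at) awaiting entry
        self.outbox = []                           # stands in for text/voice/app delivery

    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def _device_token(self, expires_at):
        # Cookie-like bearer token: expiry plus an HMAC so it cannot be forged or extended.
        mac = hmac.new(self.device_key, str(expires_at).encode(), hashlib.sha256)
        return f"{expires_at}.{mac.hexdigest()}"

    def _device_trusted(self, token, now):
        try:
            expires_at = int(token.split(".")[0])
        except (AttributeError, ValueError):
            return False
        expected = self._device_token(expires_at)
        return hmac.compare_digest(token.encode(), expected.encode()) and now < expires_at

    def sign_in(self, password, now, device_token=None, code=None):
        """Return (status, device_token); status is 'denied', 'code_sent' or 'ok'."""
        # First factor: the password is always required, even on a remembered device.
        if not hmac.compare_digest(self._hash(password), self.pw_hash):
            return "denied", None
        # Remembered device inside its 30-day window: no second prompt.
        if self._device_trusted(device_token, now):
            return "ok", device_token
        # New or expired device: deliver a fresh code out of band.
        if code is None:
            self.pending = (f"{secrets.randbelow(10**6):06d}", now + CODE_TTL_SECONDS)
            self.outbox.append(self.pending[0])
            return "code_sent", None
        # Second factor: the code is consumed on any attempt, so a wrong guess burns it.
        pending, self.pending = self.pending, None
        if pending and now < pending[1] and hmac.compare_digest(code.encode(), pending[0].encode()):
            return "ok", self._device_token(now + REMEMBER_SECONDS)
        return "denied", None
```

Someone holding only the stolen password gets no further than 'code_sent' from their own computer, because the code lands in the account owner's outbox and a forged or expired device token fails the HMAC or expiry check.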
Indeed, two-factor authentication adds extra work for users, and
could pose a problem if you don't have access to your phone. But while
it's not necessary for everyone to use it, some users most certainly should.
The Chosen Ones
What do most of the hacked Twitter accounts have in common? They were all "verified."
What is “verified,” you ask? According to Twitter, it means you are
who you say you are. Once you have a verified account, you're not
supposed to change your Twitter handle willy-nilly. You also get
occasional reports on account activity — nothing major, just updates on
your most successful Tweet and how to extend your reach. But there's
little mention about security. In light of recent events, however, that
most certainly should change.
Here’s my suggestion, Twitter: Require anyone with a verified account to use two-factor authentication.
I consider it a privilege to be verified, and was honestly quite excited when it happened.
It was, for a while, a pretty rarefied blue check mark. These days,
Twitter is verifying a lot more users, but all of them are still, more
or less, in the realm of trusted brands (i.e. people, products,
companies, governments, politicians and celebrities).
When you see the check mark, you assume it’s a more trustworthy
account, and possibly one worth following. With the size and kinds of
audiences these accounts often have, they’re also natural hack targets. A
hacked verified account is an especially damning loss of trust. When
the AP reports explosions at the White House, users take notice — even
if, as in this case, the report is not true.
If Twitter had already been requiring two-factor authentication for
these trusted accounts, I can’t imagine that we’d be seeing as many
hackings.
In a nutshell, when Twitter sends that “Congratulations, You’re
Verified” email, it should append a “Rules of the Road” note that
includes this one critical question: “With your new power comes
responsibility. Welcome to two-factor authentication, which will help us
and you protect your account and tweets.”
I know others agree with me. Now it’s time for Twitter — and at least its verified members — to get on board.