Alongside the buzz about Twitter becoming our primary source of news is the realization that not everything you read on the microblogging network can be trusted. Usually, this is because people are too quick to tweet without verifying facts, but sometimes it's because the person behind the tweets isn't who you think they are.
This is exactly what happened to the Associated Press on Tuesday, when the wire service's Twitter account @AP was hacked, and sent out a false tweet about the White House and U.S. President Barack Obama.
Recently, a number of prominent Twitter accounts, including those of 60 minutes and CBS News were reportedly hacked by Syria. While I don't know how the AP's account was hacked, or who did it, I do know that it should not be happening.
How to Prevent Hacks
There are several relatively simple ways to prevent Twitter hacking. The first, which may be obvious, is for people and brands to do a better job of managing their Twitter security by using more complex passwords, and incorporating password-management tools (e.g. LastPass, Norton Internet Security).
The other option is for Twitter to introduce two-factor authentication. For the uninitiated, "two factor" means two barriers to entry. For example, when signing in, users must enter their password, as well as a security code that they can only access from a personal device, such as a smartphone.
For Google, which has the option of two-factor authentication on its apps (Microsoft recently introduced it, as well), it works like this: When you sign into a new device for the first time, Google's security system sends you a code via text, voice call or mobile app. Enter the code from your phone during sign-in, and you're good to go. What's more, you don't have to go through this process every time: Google can remember your device for 30 days.
Simply put, it enables two levels of protection, and makes it much harder for someone who stole your password to simply sign in as you from another computer: The second-factor authentication would show up on your phone not theirs.
Indeed, two-factor authentication adds extra work for users, and could pose a problem if you don't have access to your phone. But while it's not necessary for everyone to use it, others most certainly should.
The Chosen Ones
What do most of the hacked Twitter accounts have in common? They were all "verified."
What is "verified," you ask? According to Twitter, it means you are who you say you are. Once you have a verified account, you're not supposed to change your Twitter handle willy-nilly. You also get occasional reports on account activity nothing major, just updates on your most successful Tweet and how to extend your reach. But there's little mention about security. In light of recent events, however, that most certainly should change.
Here's my suggestion, Twitter: Require anyone with a verified account to use two-factor authentication.
I consider it a privilege to be verified, and was honestly quite excited when it happened. It was, for a while, a pretty rarefied blue check mark. These days, Twitter is verifying a lot more users, but all of them are still, more or less, in the realm of trusted brands (i.e. people, products, companies, governments, politicians and celebrities).
When you see the check mark, you assume it's a more trustworthy account, and possibly one worth following. With the size and kinds of audiences these accounts often have, they're also natural hack targets. A hacked verified account is an especially damning loss of trust. When the AP reports explosions at the White House, users take notice even if, as it was in this case, not true.
If Twitter had already been requiring two-factor authentication for these trusted accounts, I can't imagine that we'd be seeing as many hackings.
In a nutshell, when Twitter sends that "Congratulations, You're Verified" email, it should append a "Rules of the Road" note that includes this one critical question: "With your new power comes responsibility. Welcome to two-factor authentication, which will help us and you protect your account and tweets."
I know others agree with me. Now it's time for Twitter and at least its verified members to get on board.
Image courtesy of Flickr, Mark Fischer
No hay comentarios:
Publicar un comentario