A few easy steps can quickly and substantially strengthen the security of your online accounts, such as Twitter.
An unpleasant weekend for the British Army on the web: two accounts managed on behalf of the English military were temporarily hijacked to promote content related to cryptocurrencies and the business of non-fungible tokens (NFT). The services being promoted resemble scam attempts, Engadget reported on July 3.
The circumstances in which the Twitter and YouTube profiles were compromised are not clear; all the offending content has since been removed. This is not the first time that accounts with a large audience, which are also “verified” by the platforms concerned, have suffered this type of attack.
One of the most likely leads is the exploitation of a weakness in a third-party service that had been granted the rights to post to the British Army’s YouTube account or Twitter profile. This is the kind of approach by which the former boss of Twitter, Dick Costolo, was hacked on Twitter, and it is probably also how the Despacito video ran into trouble.
The rules the British Army applies to control access to its social network accounts will inevitably be scrutinized in light of the incident that took place on July 3, and lessons will no doubt be drawn. The public can also use the incident as an occasion to protect themselves.
Better secure your Twitter account with these 9 steps
These tips are already widely known, at least in the IT and computer security sector. This is not to say that applying them is enough on its own to ward off every threat forever. But the more Internet users apply these instructions properly, the more the risk surface shrinks, which in turn complicates life for hackers.
1. Enable two-factor authentication on Twitter. This is the measure that brings the greatest gain in terms of computer security. It consists of entering a code in addition to the password; the code is either received by SMS or generated by a mobile application previously synchronized with the Twitter account. The mobile app method is considered safer than the SMS method.
2. Use a unique password for Twitter. You do yourself no favors by using the same password everywhere: if it is discovered somehow, it unlocks everything. Use a strong password. Having trouble remembering them all? Then switch to a password manager: it is always more reliable than sticky notes or your memory.
3. Don’t share your Twitter password. Check who has access to the password and drastically limit the number of people. Ideally, it should not be shared at all: there are mechanisms for sharing access to a Twitter account without giving out the password. This is the case with TweetDeck, which grants more or less broad rights depending on the person.
4. Get rid of third-party apps. An attacker who cannot get in through the door will come in through the window. Even with a sound password and two-factor authentication, your account may be vulnerable because you have given access rights (write, read, delete, etc.) to a third-party application. Review these applications and remove them when they are no longer needed.
5. Secure those third-party apps well. If you still need to use them, make sure they cause as few problems as possible: do they use a good password, if there is one? Who has access? Are they up to date? Are the rights granted properly scoped? Have you enabled all the security options on offer?
6. Log out of old sessions. Multiple devices may still have active access to your Twitter session because you logged in through them. Now is the time to review the sessions that are still active and end them, for example on an old smartphone that had access to the account but that you have since given away or resold.
7. Lock your PC or smartphone. Is the device used to access Twitter protected with a password or a biometric mechanism (fingerprint, facial recognition, etc.)? Attacks against your account can also be carried out through physical access to your computer; it is rarer, but not impossible.
8. Do not click anything in emails. Phishing attempts use emails to steal your username and password. Of course, two-factor authentication gives you additional protection, but you might as well adopt good habits: do not enter any of this data on a site that you reached via a link sent by email.
9. Prevent overly simple password resets. Twitter offers a setting that adds extra protection by restricting password resets. More precisely, a reset is made conditional on providing additional information, to prevent accounts from being stolen by changing their password.
This list, which already includes nine actions to carry out, could probably be extended further. Applying them scrupulously, however, will greatly reduce your exposure to common threats against your Twitter account. Note that much the same tips apply to other online services. Do not hesitate to use them elsewhere.