The easy fix that could end Twitter’s celebrity account-hacking problem
June 9, 2016
Shah Sheikh

Twitter is under attack. To be fair, so is virtually every other online service. However, the number of hacked high-profile Twitter accounts is reaching epidemic proportions, with mischief-makers hijacking the streams of Katy Perry, Mark Zuckerberg and even the NFL in recent weeks.

Twitter needs to do something, and the fix is as obvious as Jack Dorsey’s now clean-shaven face: Two-factor authentication for every single verified account.

If virtually all celebrities are verified by Twitter (that tiny and somewhat coveted blue checkmark), then it stands to reason that this will stop 95% of all these celeb account hacks.

Say what?

First, though, a quick primer on two-factor authentication. What it means is that, when you sign into Twitter, you have to prove who you are in not one, but two ways. Not only do you need your password, but you also have to enter a one-time code into a second pop-up screen. That code will typically come from your phone via a text message. It’s usually a randomly generated set of numbers and/or letters sent to you by the service you’re trying to sign into.

The reason this works so well as an authentication scheme is that the number is not sent to an email address, which may have already been hacked. Instead, it goes to a phone number. The system is, in other words, verifying the identity of the account holder since that person would likely be the only one with access to that phone. (Teams running an individual account can also use other methods to verify logins, so not everyone needs to share the same phone.)

It’s a great way to block would-be hackers who may have gotten your user name and password, but probably don’t have your smartphone in their hands.
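The two-step check described above, sketched as server-side logic. This is an added example, not Twitter's code: the class, the function names, the six-digit code format, the five-minute lifetime and the three-guess limit are all assumptions, and `send_sms` stands in for whatever SMS gateway a service uses.

```python
import hashlib, hmac, secrets, time

CODE_TTL = 300   # seconds a texted code stays valid (assumed value)
MAX_TRIES = 3    # wrong guesses allowed per code (assumed value)

def pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class TwoStepLogin:
    def __init__(self, send_sms):
        self.users, self.pending, self.send_sms = {}, {}, send_sms

    def add_user(self, name, password, phone=None, verified=False):
        # The article's proposal: no verified account without a second factor.
        if verified and phone is None:
            raise ValueError("verified accounts must enroll a phone")
        salt = secrets.token_bytes(16)
        self.users[name] = (salt, pw_hash(password, salt), phone)

    def check_password(self, name, password, now=None):
        """Factor 1. Returns 'denied', 'ok' (no 2FA enrolled) or 'code_sent'."""
        now = time.time() if now is None else now
        user = self.users.get(name)
        if user is None or not hmac.compare_digest(pw_hash(password, user[0]), user[1]):
            return "denied"
        if user[2] is None:
            return "ok"
        code = f"{secrets.randbelow(10**6):06d}"   # fresh random code per attempt
        self.pending[name] = [code, now + CODE_TTL, MAX_TRIES]
        self.send_sms(user[2], code)               # goes to the phone, not to email
        return "code_sent"

    def check_code(self, name, code, now=None):
        """Factor 2. True only for the unexpired, unused code texted in step 1."""
        now = time.time() if now is None else now
        entry = self.pending.get(name)
        if entry is None or now > entry[1]:
            self.pending.pop(name, None)
            return False
        if hmac.compare_digest(code.encode(), entry[0].encode()):
            del self.pending[name]                 # one-time: cannot be replayed
            return True
        entry[2] -= 1
        if entry[2] <= 0:
            del self.pending[name]                 # too many guesses: start over
        return False
```

A correct password on a 2FA-enrolled account only ever yields `code_sent`; the session is granted by `check_code`, which someone holding just the password cannot pass.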

There for the taking

Twitter has long had a two-factor authentication option. Anyone can opt in now. Just remember that you will need your phone to log in to your Twitter account, even on the desktop.

Not everyone needs or wants this level of security. I’d imagine many would consider it an annoyance, even if it does stop hackers from ruining your social media life.

Celebrities are different, though.

Just take a look at all the celebrities who have been hacked in recent weeks and days. Katy Perry has over 83 million followers. Drake has 33 million. NFL Commissioner Roger Goodell has almost half a million. Mark Zuckerberg has 416,000 (despite having not tweeted in four years).

When they got hacked, it was big news and a big headache for them as the hacked accounts reported fake deaths, made racist and inflammatory comments and asked people to follow random and questionable accounts.

These high-profile verified accounts worked hard to get where they are and to earn that blue check. Isn’t it worth a little extra baggage? Twitter might argue that it goes against its principles to enforce that kind of security. I say: The benefits afforded by verification — greater visibility, an “official” stamp that says you are whom you say you are, and the potential for faster follower growth (it seems safe to assume that people more readily promote verified accounts than others) — make it a fair trade. Ultimately, the Twitter celeb would be doing something that benefits both parties. Hacked Twitter accounts hurt Twitter’s reputation as much as they do the celebrity’s.

What can Twitter do?

Twitter has said very little publicly about the growing number of hacks beyond reminding people to implement better password security and announcing that it’s comparing the various password leaks with its own data to, I guess, try and get ahead of the problem and warn people. I think that’s why Twitter recently forced me to change my own Twitter password. While I was on the road, Twitter — without explanation — told me my account was locked and I had to change my password. Concerned, I had others check my account for weird tweets. There was nothing. Even so, I had no choice but to change my password.

When I asked Twitter about the hack epidemic and the possibility of requiring two-factor for all verified accounts, a spokesperson sent me this statement:

If you think we’ve seen the last of hacked social media (mainly Twitter) accounts, consider this: Over 400 million MySpace and Tumblr credentials and at least 117 million LinkedIn passwords were stolen. Many users and, yes, even celebrities, apparently re-use passwords across multiple services, making them even more vulnerable. Twitter can’t do much about that, but two-factor would still help block the hacker rush because the hacker would not have their phones.
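How a service can compare a third-party password dump with its own data, and why reuse is what makes such a dump dangerous. This is an added example, not Twitter's process: the record layout and the function names are assumptions, and the sample accounts and dump in the usage are constructed.

```python
import hashlib, hmac, secrets

def pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_record(password):
    """What the service stores: a per-user salt and a slow hash, never the password."""
    salt = secrets.token_bytes(16)
    return {"salt": salt, "hash": pw_hash(password, salt), "locked": False}

def lock_reused(accounts, leaked_pairs):
    """accounts: {email: record}. leaked_pairs: (email, plaintext password) pairs
    recovered from another site's breach. Locks every account whose current
    password equals the leaked one and returns the affected emails."""
    locked = []
    for email, leaked_pw in leaked_pairs:
        email = email.strip().lower()          # dumps are rarely normalised
        rec = accounts.get(email)
        if rec is None or rec["locked"]:
            continue
        # Re-hash the leaked password with this user's salt; a match means
        # the same password is in use here and is already in attackers' hands.
        if hmac.compare_digest(pw_hash(leaked_pw, rec["salt"]), rec["hash"]):
            rec["locked"] = True               # force a reset at next sign-in
            locked.append(email)
    return locked

if __name__ == "__main__":
    accounts = {"star@example.com": make_record("hunter2-reused"),
                "careful@example.com": make_record("unique-Xy7")}
    dump = [("Star@Example.com ", "hunter2-reused"),
            ("careful@example.com", "old-password")]
    print(lock_reused(accounts, dump))
```

Only the account that reused its password is locked; the user whose leaked password differs from the one used here is unaffected by the other site's breach.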

While Twitter won’t act, I hope that everyone reading this, especially prime targets like celebrities, will take my advice and implement two-factor authentication now.

Here’s a quick look at how to do it:

[Image: Twitter two-factor authentication steps 1-3]

[Image: Twitter two-factor authentication steps 4-6]


What do you think about making two-factor authentication a requirement for Twitter verified accounts? Will it solve the problem, or is it unworkable? Let us know below.

Source | Mashable