{"id":1943,"date":"2013-05-28T16:30:21","date_gmt":"2013-05-28T20:30:21","guid":{"rendered":"http:\/\/me-en.kaspersky.com\/blog\/?p=1943"},"modified":"2020-02-26T18:57:10","modified_gmt":"2020-02-26T14:57:10","slug":"twitter-improves-hack-protection","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/twitter-improves-hack-protection\/1943\/","title":{"rendered":"Twitter Improves Hack Protection"},"content":{"rendered":"<p>Twitter has recently caught up with competitors like Facebook and Google by improving user protection with two-factor authentication. This will help us all forget about those much talked about account takeovers of the <a href=\"https:\/\/me-en.kaspersky.com\/blog\/twitter-ap-hack\/\" target=\"_blank\" rel=\"noopener\">Associated Press<\/a> and <a href=\"https:\/\/threatpost.com\/fox-news-caught-sleeping-after-twitter-account-hacked-070411\/\" target=\"_blank\" rel=\"noopener nofollow\">Fox news<\/a>, which briefly even affected the Dow Jones.\u00a0 The hacking of a personal account is typically not that significant, but is still very unpleasant for the account owner. That\u2019s why we\u2019re using this occasion to remind you of Twitter\u2019s safety rules.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2013\/05\/05113547\/twitter_title.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-1946\" alt=\"twitter_title\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2013\/05\/05113547\/twitter_title.jpg\" width=\"640\" height=\"420\"><\/a><\/p>\n<p><b>Maximum security<\/b>. Always select the protection options that provide the maximum level available. For Twitter, it now means switching on two-factor authentication. When you log into Twitter.com you\u2019ll provide not only your username and password, but also a six-digit protection code, sent to your cell phone via text message. Thanks to this measure, it won\u2019t be possible to take over your account even after a password theft. To switch on two-step authentication, you have to log into Twitter, open your account settings and select the option \u201crequire a verification code when I sign in.\u201d Next, you\u2019ll need to provide your mobile phone number and follow the onscreen instructions to verify it. Please note, that Twitter is gradually rolling out this function, so it might not be available for your account yet. In this case, check back in a week or two \u2013 it should be available after that time.<\/p>\n<p style=\"text-align: center;\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2013\/05\/05113549\/Screen-Shot-2013-05-28-at-3.22.27-PM.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter  wp-image-1945\" alt=\"Screen Shot 2013-05-28 at 3.22.27 PM\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2013\/05\/05113549\/Screen-Shot-2013-05-28-at-3.22.27-PM.png\" width=\"480\" height=\"195\"><\/a><\/p>\n<p>This authentication method has one significant disadvantage \u2013 it makes logging in more complicated when you sign in from a location with bad or absent mobile network coverage. Google solves this issue by remembering your devices and skipping secondary confirmation for up to one month, if you keep logging in from a trusted device. Twitter does eventually plan to ask for the confirmation code each time you log in.\u00a0 In many cases, increased security is worth this inconvenience.\u00a0 However, there may be complications for corporate account owners like the aforementioned Associated Press or Kaspersky Lab. Typically there are several people using one account, but Twitter allows only one phone number for verification. As we were considering our options to setup a workflow with this limitation, someone stole one of our passwords via <a href=\"https:\/\/me-en.kaspersky.com\/blog\/man-in-the-middle-attack\/\" target=\"_blank\" rel=\"noopener\">public Wi-Fi<\/a>. The attacker briefly took over our German-language Twitter account and sent some spam links to our followers.\u00a0 Of course we regained account control in just a couple of hours and deleted all spammy messages, but we now won\u2019t be waiting before switching on two-factor authentication.<\/p>\n<div class=\"pullquote\">Always select the protection options that provide the maximum level available. For Twitter, it means switching on two-factor authentication.<\/div>\n<p><b>Use<\/b><b> <a href=\"https:\/\/me-en.kaspersky.com\/blog\/infographic-password-protection\/\" target=\"_blank\" rel=\"noopener\">strong password<\/a><\/b>. Two-factor authentication doesn\u2019t replace a reliable, hard-to-break password. It has to be long, non-obvious and impossible to guess \u2013 it will save you from a brute-force attack targeted at a web service password database. <a href=\"https:\/\/blog.twitter.com\/2013\/keeping-our-users-secure\" target=\"_blank\" rel=\"noopener nofollow\">Twitter was even hacked,<\/a> so this menace is not phantom.<\/p>\n<p><b>Watch Out for Phishing Pages<\/b>. You should constantly be on the lookout for phishing scams that ask you for your password or any other sensitive information. If you get an email prompting you to reset your password, but you didn\u2019t request that email, don\u2019t click through. And be careful about clicking through on links from URL shorteners like bit.ly, which have become the unwitting conduits for scammers who want to mask the final destination of that click.<\/p>\n<p><b>Don\u2019t Use Public Computers or Public Wi-Fi.<\/b> If it\u2019s not your personal computer, don\u2019t use it to access personal accounts. You have no idea what kind of malware or malicious scripts are running on hotel or airport business center computers or even your friend\u2019s laptop. Public Wi-Fi connections are typically unencrypted, making it easy for any attacker to eavesdrop on you and steal your passwords. If you can\u2019t avoid using an open Wi-Fi network, protect yourself by <a href=\"https:\/\/me-en.kaspersky.com\/blog\/vpns-use\/\" target=\"_blank\" rel=\"noopener\">using a VPN connection<\/a>.<\/p>\n<p>\u00a0<\/p>\n<p><i>A note to advanced users<\/i><\/p>\n<p><i>To avoid SMS delivery issues, it\u2019s possible to use third party applications for Twitter access. Previously authorized apps will work as usual even after you switch on two-factor authentication. You can also authorize new apps by logging into Twitter and managing the app\u2019s passwords via settings. However, it\u2019s important to understand, that this shifts the security from Twitter into a specific application and it becomes the developer\u2019s responsibility to protect the app\u2019s users from password and data theft.<\/i><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Twitter has recently caught up with competitors like Facebook and Google by improving user protection with two-factor authentication. This will help us all forget about those much talked about account<\/p>\n","protected":false},"author":32,"featured_media":1947,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5],"tags":[314,344,83],"class_list":{"0":"post-1943","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"tag-data-breach","9":"tag-online-protection","10":"tag-twitter"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/twitter-improves-hack-protection\/1943\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/twitter-improves-hack-protection\/1943\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/twitter-improves-hack-protection\/1943\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/twitter-improves-hack-protection\/1943\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/twitter-improves-hack-protection\/1943\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/twitter-improves-hack-protection\/884\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/twitter-improves-hack-protection\/1943\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/twitter-improves-hack-protection\/1943\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/data-breach\/","name":"data breach"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/1943","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/32"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=1943"}],"version-history":[{"count":1,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/1943\/revisions"}],"predecessor-version":[{"id":15550,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/1943\/revisions\/15550"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/1947"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=1943"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=1943"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=1943"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}