Tuesday’s hacking of the Associated Press account leaves no doubt that Twitter has become a central hub of information. And that’s why breaching the social network is so attractive to hackers like those who sent out a fake bulletin from the newswire giant’s Twitter feed.
Having someone break into your own Twitter account may not move markets or get you a mention in a White House briefing, as was the case with the AP hack, but it could still have a dire effect on your personal life. The steps to take in protecting your Twitter account are much the same as the methods used to protect other online accounts.
■ First: Come up with a strong password. Yes, passwords are an imperfect way to protect accounts, but they’re the best we have right now. And as frustrating as it is to memorize a series of passwords, users should at least have unique passwords for the services they use the most — the ones that would have the greatest effect on a user’s online reputation. That way, if attackers hack into your account with an online retailer to get your onetime discount, they won’t also be able to use that password to take over your Facebook account.
When creating a password, avoid common words — no “password123,” please — and use a mix of symbols and letters. Many security experts recommend using a phrase because the length makes it harder to crack. Avoid using your name, or the names of kids, relatives or pets that you may have posted publicly on a social media account.
■ Another important step: Be on the lookout for odd e-mails. According to a report from the Associated Press itself, attacks on two of its Twitter accounts came after suspicious “phishing” e-mails were sent to its employees.
If you get an e-mail from Twitter that says there’s a problem with your account or that it has been hacked, immediately delete the e-mail, head to Twitter.com and change your password. If it’s a genuine e-mail from Twitter, you’re doing exactly what you should in that situation. If it’s a phishing attempt, you’ve just made it more difficult for hackers to take over your account.
Never click on links in those e-mails and never reply with an e-mail that includes your username and password. Like most reputable online services, Twitter won’t ask you to share your login information through e-mail.
■ Extra security: Some online accounts, including Facebook and Google, require or offer users the option to turn on two-factor authentication — an extra layer of account protection. With two-factor authentication, also known as multifactor authentication, companies send users a second, randomly generated code to enter along with their user name and password when they log in from a new location. Without giving all those pieces of information, a user can’t access an account.
Twitter does not offer such authentication, but Facebook and Google will text a random code to users who choose the option. Google also offers an app that users can consult for a new code every 30 seconds or so. Though it may be annoying to have to wait for a code every time you log in, the extra layer of security could be well worth that small inconvenience.
According to a report from Wired on Tuesday, Twitter is testing a two-factor option for its network. When asked about the report, Twitter spokesman Jim Prosser said that the company has nothing to share at this time.
The company put out a call in February for an engineer to work on a multifactor solution, after disclosing that its systems had been hacked.