Dorsey was probably the victim of a SIM swap, a practice in which a hacker bribes or convinces an employee of a mobile phone operator to move the victim's phone number to the hacker's device.
Thanks to a feature left over from Twitter's early days, if a hacker takes control of the phone number associated with your Twitter account, he can text any tweets he wishes to Twitter's number, 40404, and they will be immediately published on your account. The hacker would not need any other verification, not even your account password.
Interviewed by CNN Business on Saturday, Twitter declined to comment on whether it would change its security practices after the Dorsey incident.
In the meantime, there does not seem to be any real way to disable the functionality that the hacker(s) apparently exploited to take over Dorsey's account. The only way to do this is to make your account less safe overall. But you can still do some things to protect your account against this type of attack.
Verification codes
First, it's a good idea to always enable two-factor authentication, which is an additional verification step to confirm your identity beyond your normal password. But even two-factor authentication will not protect you from SIM swapping.
Not all verification methods are equal. A hacker can intercept security codes sent via text message, which makes that method useless.
Fortunately, Twitter offers several more secure verification methods.
It would be better to use the Google Authenticator phone application, which will provide you with codes. A hacker would then need your phone to get the codes. You can also use a physical security token, a small piece of hardware that you can buy separately and that generates security codes. A hacker would usually need to physically steal this key to access an account.
Replace your phone number
At the moment, it seems that the only way to disable the ability to use text messages to send a tweet from your account is to completely remove your phone number from Twitter. But there is a problem: it will disable two-factor authentication on your account. I've tried several times to keep two-factor authentication enabled on my own Twitter account while deleting my phone number. Each time, it appeared Twitter would allow me to do that, but when I refreshed the page, two-factor was off.
"If you try, you cannot contact someone from Google Voice on the phone," Krebs told CNN Business.
According to Mr. Krebs, this is not a perfect solution because your Google Account could also be hacked via a SIM swap if you have set it up to receive text messages for two-factor authentication on that account. And anyone outside the United States will have to find an alternative service. However, it would still be effective to activate an alternative verification method on your Google Account and to follow other generally effective security procedures, such as setting very strong, unique passwords for all the sites you use and using a password manager to track them.
Kevin Collier from CNN contributed to this report.