Will Two-Step Authentication Be Enough to Prevent Stupidity in Handling Twitter Accounts?
In the wake of the Associated Press’s Twitter account being hacked yesterday, there is plenty of vulture reporting about the possibility of Twitter incorporating a two-step authentication process into the service sometime in the future. Gotta love what passes for news these days.
We are piecing together things from various pieces of other things and we are going to say that we think that maybe something like this may happen in the near, or maybe even not so near, future.
But here I am ‘reporting’ on it as well, so enough of that talk. This is where the rumors about Twitter getting more serious about account security seem to have begun (maybe kinda sorta). Wired reported yesterday:
Twitter has a working two-step security solution undergoing internal testing before incrementally rolling it out to users, something it hopes to begin doing shortly, Wired has learned.
Such a system will drastically reduce the risk of Twitter users having their accounts hacked, something that has been experienced by everyday users and major companies like the Associated Press, the BBC and 60 Minutes.
Two-step (also known as two-factor or multifactor) authentication can prevent a hacker from gaining access to an account far more effectively than a password alone. When logging in from a new location, it requires users to enter a password and a randomly generated code sent to a device, typically via a text message or smartphone application. In other words, accessing an account requires having two things: something you know (the password) and something you have (a previously registered device).
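The flow described in the quoted passage, sketched as an added example (not code from Wired, Twitter or this post): a recognised device needs only the password, while a new one also needs a short-lived, single-use code delivered to the registered device. The class and its names, the 5-minute lifetime and the 3-try limit are assumptions, and `send_code` stands in for the text message or app delivery.

```python
import hashlib, hmac, secrets, time

CODE_TTL = 300   # seconds a code stays valid (assumed value)
MAX_TRIES = 3    # wrong guesses allowed per issued code (assumed value)

class TwoStepLogin:
    """Hypothetical service: password alone on a known device, password + code on a new one."""

    def __init__(self, send_code):
        self.send_code = send_code  # callback that delivers the code to the registered device
        self.users = {}             # name -> {"salt", "pw", "known": set of device ids}
        self.pending = {}           # (name, device_id) -> [code, expires_at, tries_left]

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, name, password, device_id):
        salt = secrets.token_bytes(16)
        self.users[name] = {"salt": salt, "pw": self._hash(password, salt), "known": {device_id}}

    def login(self, name, password, device_id, code=None, now=None):
        now = time.time() if now is None else now
        user = self.users.get(name)
        # Something you know: constant-time comparison of the password hash.
        if user is None or not hmac.compare_digest(self._hash(password, user["salt"]), user["pw"]):
            return "denied"
        if device_id in user["known"]:
            return "ok"
        key = (name, device_id)
        entry = self.pending.get(key)
        if code is None or entry is None or now > entry[1]:
            # Something you have: issue a fresh code out of band; an expired one is replaced.
            new_code = f"{secrets.randbelow(10**6):06d}"
            self.pending[key] = [new_code, now + CODE_TTL, MAX_TRIES]
            self.send_code(name, new_code)
            return "code_required"
        if not hmac.compare_digest(code.encode(), entry[0].encode()):
            entry[2] -= 1
            if entry[2] <= 0:
                del self.pending[key]   # too many misses: the code is withdrawn
            return "denied"
        del self.pending[key]           # single use
        user["known"].add(device_id)
        return "ok"
```

A password captured by phishing and replayed from an unrecognised device gets `"code_required"` here instead of a session.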
All of this is well and good but the real story is here in this line from the very same article.
According to the AP, this likely happened via a phishing attack in which a user was tricked into handing over a password. Two-step verification would have prevented that.
Uhh, really? Yeah, it may have prevented that particular kind of phishing attempt from being successful, but one thing no level of security anywhere can prevent is much more basic. It can’t prevent stupid. It is likely that someone pulled a real bonehead maneuver and this account was hacked. There is no two-step verification process for not thinking or being a sucker.
You see, in order for a hacker to have success, it is less about their technical ability (although that is a huge part of the overall plan) and more about their ability to find someone who is simply not very bright to help them carry out their bidding. That, my friends, will NEVER go out of fashion or be in short supply. We are reaching new levels of doing things that will make many scratch their heads bald. (Oh, and lest you think I am being high and mighty here, I would be at the front of the line wearing the biggest dunce cap on many a day. I’m OK with admitting it because the truth is just that; the truth.)
So go ahead, Twitter. Do whatever you want to, but those who want to make a mess of things will ratchet up their efforts because they now have proof of what can happen when some sources are commandeered and used to hand out some misinformation. Did you see Wall Street respond yesterday? It was not pretty.
Let’s face it, the ‘closer’ we all get via social media, the more fragile the entire fabric that holds this together gets. Now panic spreads at amazing speeds and it is not filtered by the greatest preventer of stupidity: time.
We have only seen the beginning of this and it will likely not get much better before something big happens.
Cynical? Sure. Realistic? I believe so. What do you think?