Oi, journos. Try NOT to get hacked again. Lots of love, Twitter

Twitter has warned news agencies that hackers could strike again unless journalists take basic precautions - like using a decent password. The micro-blogging site wrote to a number of news outlets warning that hackers consider them "high value" targets. Their note of caution comes as the Syrian Electronic Army continued their …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward

    2FA

    Or twitter could put in place some sort of decent two factor authentication as an option, especially given that they've set themselves up as one of the web's main identity providers.

    1. Electric Panda

      Re: 2FA

      Every time I've suggested this, people on El Reg have laughed and mercilessly downvoted me for $reason they are unwilling to share or disclose.

      2FA is a no-brainer and should at least be an option for high profile, verified accounts. The fact that Twitter accounts get routinely owned with embarrassingly relative ease makes a solid case for it.

    2. Anonymous Coward

      Re: 2FA

      Twitter is working on 2FA. :-)

      1. Alister

        Re: 2FA

        > Twitter is working on 2FA. :-)

        No, I think you misheard, Twitter is working on sweet FA

        1. ecofeco Silver badge
          Trollface

          Re: 2FA

          "No, I think you misheard, Twitter is working on sweet FA"

          I think I just hurt myself snickering.

          Is that even possible?

  2. Anigel

    Gone are the days where you had to get specialist appliances and key fobs to enable 2FA, it really is an easy solution and when you run a network that is now used as an authentication system by so many 3rd party services, there is no excuse for not stepping up and offering the more security conscious punters at least an option of using it.

  3. Pete 2 Silver badge

    At least someone still loves them

    > journalists ... consider them "high value"

    Even if you do have to take things extremely out of context to get there.

  4. Frankee Llonnygog

    Most businesses publish the email addresses and phone numbers of their press team.

    The corporate Twitter accounts are probably registered to members of the press team.

    So, all you need to do is con one of the press team into giving you their password.

    "Hi, this is Fred from Twitter. We need to reset your password ... "

  5. Anonymous Coward

    Feeble - How are the twits at Twitter such a global online player...?

    ---The social network advised having just one computer to use for Twitter and don't use this computer to read email or surf the web, to reduce the chances of malware infection...

    ---TrendMicro said this piece of advice was unworkable: The point of Twitter is that it's instant, and you can react instantly. If you have to run back to the office to get to a particular computer to use Twitter, that's obviously going to impact upon its use...

  6. Steven Roper
    WTF?

    What the...

    "This computer should NOT be used to surf the web or do anything but tweet, which definitely overestimates the IT resources available to most news outlets in the digital age."

    If you can't afford even one cheap $50 second-hand PC with nothing more than an OS and browser, set up exclusively for Twitter/Facebook use, you can't afford to run a bloody news outlet, mate.

    1. countd

      Re: What the...

      Or you could just use a VM but it seems like total overkill, Twitter should provide better security, end of.

  7. Euripides Pants

    Alternatively...

    http://www.internetisshit.org/print.html

  8. MrPrivacy

    2FA

    2FA is somewhat over-rated. The only thing it really protects against is someone logging into your account from an untrusted location after they have your password. It normally doesn't protect against someone resetting your password if they have control of the email account associated to the account being compromised. First, the attacker resets your email password. Then they reset your social network or bank or other account password which usually requires clicking a link sent to the associated email account (which they have taken control of). It may also require answering a challenge question, but the point is, it usually won't trigger 2FA. Once they have control of the account, they can turn 2FA off. Perhaps what we need is the option of not allowing a password reset at all (at least on sensitive accounts) only a password change when logged in. Assuming one uses different passwords for email vs. the accounts the email is associated with, they at least have a chance of retaining control. This solution assumes you can remember your passwords or store them someplace secure. Otherwise, a forgotten password may render the account useless.
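
The reset path described in the comment above, as an added example that is not part of the original comment and does not describe Twitter's actual systems: a simplified Python model comparing three account-recovery policies. The policy fields, actor attributes and function names are all hypothetical, and the model assumes a reset link only sets a new password.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:                       # hypothetical recovery settings for one service
    email_reset_allowed: bool       # False = "password change only when logged in"
    reset_requires_2fa: bool        # second factor checked before the reset link works
    disable_2fa_requires_2fa: bool  # switching 2FA off needs a fresh second-factor check

@dataclass(frozen=True)
class Actor:                        # what a given party holds
    controls_mailbox: bool
    has_second_factor: bool
    knows_password: bool

def can_reset_password(p: Policy, a: Actor) -> bool:
    if not (p.email_reset_allowed and a.controls_mailbox):
        return False
    return a.has_second_factor or not p.reset_requires_2fa

def can_log_in(p: Policy, a: Actor) -> bool:
    """Normal login: a password (known or freshly reset) plus the second factor."""
    return (a.knows_password or can_reset_password(p, a)) and a.has_second_factor

def can_take_control(p: Policy, a: Actor) -> bool:
    """Control = a working login, or a reset followed by switching 2FA off."""
    if can_log_in(p, a):
        return True
    return can_reset_password(p, a) and not p.disable_2fa_requires_2fa

# Constructed actors: someone holding only the mailbox, and the real owner
# who has forgotten the password but still has the second factor.
MAILBOX_ONLY = Actor(controls_mailbox=True, has_second_factor=False, knows_password=False)
OWNER_FORGOT = Actor(controls_mailbox=True, has_second_factor=True, knows_password=False)

WEAK = Policy(email_reset_allowed=True, reset_requires_2fa=False, disable_2fa_requires_2fa=False)
HARDENED = Policy(email_reset_allowed=True, reset_requires_2fa=True, disable_2fa_requires_2fa=True)
NO_RESET = Policy(email_reset_allowed=False, reset_requires_2fa=False, disable_2fa_requires_2fa=True)

def evaluate(p: Policy) -> dict:
    return {"takeover": can_take_control(p, MAILBOX_ONLY),
            "owner_recovers": can_take_control(p, OWNER_FORGOT)}

if __name__ == "__main__":
    for name, pol in (("weak", WEAK), ("hardened", HARDENED), ("no-reset", NO_RESET)):
        print(name, evaluate(pol))
```

The no-reset policy blocks the mailbox-only path but also locks out the owner who forgot the password, which is the trade-off the comment ends on.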
