Having your Twitter account hacked and seeing offensive, militant or simply humorous messages published there against your will is a real risk from which no one is immune. In August 2019, even Jack Dorsey, the boss of the social network, had his account taken over by hackers who published racist and negationist messages there.
Accounts with a lot of subscribers are prime targets for hackers, who can thus distribute the content of their choice to a large audience. But anyone can be a victim of hacking. Here’s how to avoid it.
Use a long and complicated password
The importance of a good password is paramount, and yet access codes like 123456 or password continue to rank in the top 5 of the most used passwords. They are easy to guess and vulnerable to brute force attacks, in which a program tries every possible combination. To protect yourself, Twitter recommends a password that is at least 10 characters long and mixes uppercase letters, numbers and symbols. Passwords should also be different for each website, so that if one account is compromised, the others are not.
Juggling so many complicated passwords can give any user a hard time. The most confident will use elaborate mnemonic devices. Others will rely on password management software, which stores them in a digital safe secured by a single access code.
But however solid it is, a password can easily be reset: a single click on the “forgot password” button is enough, as long as the hacker has access to the mailbox of the account holder.
Two-factor authentication: solid but circumventable
In this case, nothing beats two-factor authentication, which adds a layer of security to the usual username/password combination. At each login, the user must then confirm their identity by entering a code received by text message. Anyone wishing to enter the account must therefore not only know the password but also have physical access to the holder’s phone. This makes things difficult for hackers, but not impossible.
Indeed, it was probably not an overly simple password that made it possible to hack Jack Dorsey’s Twitter account, but a technique known as “SIM swapping”. This method consists of taking control of someone’s phone number by calling their service provider and asking them to transfer the line to a new device, on the pretext of having lost the SIM card. Customer service then asks for specific information that is not impossible to obtain, such as the subscriber’s birthplace or the name of their pet.
Once in control of the line, the hacker receives the text messages instead of the legitimate owner. This is undoubtedly what made it possible to hack Jack Dorsey’s Twitter account, relying on a feature of the social network that allows messages to be sent by SMS. It is, however, possible to guard against SIM swapping by giving your operator verification information that is impossible to guess, or simply by using a two-factor authentication solution based on software installed on the phone.
Adapt your security
The ingenuity of hackers is matched only by their motivation to penetrate so-called “tamper-proof” systems. As with bicycle locks, the question is less whether an account can be broken into than how long it takes and what means are required. It is then up to users to decide how many layers of security they want to put between their accounts and malicious individuals. For regular users, a strong password that differs between accounts should suffice. Those who fear being targeted by motivated hackers will turn to two-factor authentication based not on SMS but on an application capable of generating unique codes, such as Google Authenticator, or even a physical key such as a YubiKey.