The Twitter Security Dilemma
Your middle name. The first street you grew up on. The name of the first family pet. These are the answers we give to password security questions online without considering how simple the questions are or how readily available the answers are in various online forums. Everyone does it, from your children to the top people at powerful companies, and in doing so they leave themselves open to the whims of hackers. Twitter learned this the hard way when a hacker recently gained access to the company’s internal information and employees’ personal accounts through the vulnerability and simplicity of the “forgot password” security question.
The hacker, who goes by the moniker of HackerCroll, was able to break into a Twitter executive’s Gmail account not through any use of complicated tools or know-how, but rather by using personal information he found on their Twitter feed to guess and then find the answer to a password security question. From there, HackerCroll gained access to this administrator’s Google Apps account and the personal accounts of a number of Twitter employees, found a group of private financial documents and notes for Twitter, and gained access to a number of employees’ PayPal and Amazon accounts, among others. The internal company information HackerCroll gained access to includes employee lists and salary information, confidential contracts with companies, meeting reports, the pitch for the Twitter TV show, and internal discussions of Twitter’s financial future.
Internet Security Questioned
In the remarkably interconnected world we live in today, companies and consumers can no longer rely on the security processes currently in place. Gmail and other online services that use the simplistic system of four-letter passwords and the most blatantly obvious password security questions, like “What’s the name of the street you grew up on?” or “What’s your middle name?”, are stuck in a time warp. They do not seem to realize that the volume of personal information out there makes these kinds of questions obsolete and dangerous, and yet they are too comfortable with the status quo and unable to change their ways and their questions. By asking these questions and not adapting to the times, online companies have lulled consumers into a false sense of security. It’s a failure of their obligations to customers, and it is sad.
That being said, consumers also have an obligation to protect themselves online. This means being careful about which personal information you reveal online in places such as social networking sites, what types of sites you visit, and most importantly, how you protect your security information and passwords online. People today are so private in their personal lives; why do they not carry that same kind of care over to their personal information and records online? If a person does not defend themselves online to their full capabilities, then there is a chance a hacker can and will rush in when they see an opening.
Protecting Yourself Against Computer Security Hacks
To protect themselves from the danger of hackers and of their younger relatives alike, consumers need to take intelligent steps that keep anyone from guessing their passwords and that guard against the idiocy of online companies. Whatever password security question is asked of you, you should always create an answer that is false but easy enough to remember. The best defense is a good offense, and by using trickery, a person makes a hack by anyone that much harder. Just make sure the false answer is realistic and not too complicated, so that you can remember it.
Consumers also need to get away from the habit of using things such as the name of your dog or your favorite color as the permanent password on the websites you sign up for. It’s great that you love your dog, but when a hacker goes on Facebook and finds her name, how much are you going to love Fluffy? Instead, what you need to do is use a strong password for every website. This password is made up of uppercase and lowercase letters, numbers, and symbols. An example would be the word symbol translated into password talk, which comes out to $yOm801. You could distinguish between websites with this password by adding a unique handle to the end, such as M@ster for Monster. As long as you choose a simple strong password and remember to distinguish between sites, you should be protected from even the strongest threats.