
It’s hard to believe that June is already over, and that we are now heading into July.  What’s even harder to believe is that next week is the 4th of July.  With it being in the middle of the week, I am sure that most people will be taking the entire week off.  Boy, I wish I could, but I will still be here bringing you the latest in Cyber security.

So when a holiday comes around, what is the fastest way to communicate with family and friends, apart from texting or calling?  Yep, you got it, it is social media.  When it comes to these kinds of occasions, it seems like Facebook and Twitter are the most commonly used ones, with the latter being the most popular.

And, when this happens, you know yet another truism that will happen:  The Cyber attacker is out to get your personal and confidential information yet again, when you are the least vulnerable.

So, as the mantra goes, what is the best line of defense?  Keep your guard up, don’t give out your password, always change your password, blah, blah, blah.  The usual stuff you hear from every Security expert that walks on this planet.  But this morning, I came across a news headline which I thought you should know about.

First, remember some time ago, I wrote a posting on how the username/password database of Twitter was hacked into?  Remember that it was outsourced to a third party, and it was that third party which was hacked into?  Also remember that Twitter made a bunch of promises that it would upgrade its levels of Security for account holders?

Well, back to the news headline . . . Twitter just announced that yes, it is actually upgrading (imagine that!!!).  It will soon be offering support for Two-Factor Authentication (2FA) as part of its effort to fight spam and malicious automation.  Here are some of the new features that it will offer:

  • Anyone with the setting enabled will be able to use the new feature as long as it is associated with a mobile number that belongs to the account holder.
  • New users to Twitter will now be required to add some form of two step authentication, via email or with a mobile number, when creating their account.

This is an attempt to direct account holders to real and genuine Twitter pages.  Apparently, there are many spoofed pages out there that look like real Twitter pages, and from there, the Cyber attacker can then hijack the information that belongs to the account holder.  So, the idea behind the 2FA is to make sure that when the account holder logs in, they are taken directly to the real Twitter home page.
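To make the spoofed-page point concrete, here is an added illustration (not from the original post or from Twitter) of why a security-key login is tied to the genuine page while a texted code is not. HMAC stands in for the key's real public-key signature, and the origins, the sample code and all function names are assumptions made for the example.

```python
import hashlib, hmac, json, secrets

RP_ORIGIN = "https://twitter.com"               # assumed origin the real site expects
SPOOF_ORIGIN = "https://twitter-login.example"  # constructed look-alike page

def key_sign(secret: bytes, client_data: bytes) -> bytes:
    # Toy stand-in for the key's ECDSA signature (assumption: HMAC for brevity).
    return hmac.new(secret, hashlib.sha256(client_data).digest(), hashlib.sha256).digest()

def browser_assert(secret: bytes, page_origin: str, challenge: str):
    # The browser, not the page, records the origin that asked for the signature.
    client_data = json.dumps({"challenge": challenge, "origin": page_origin}).encode()
    return client_data, key_sign(secret, client_data)

def verify_key_login(secret: bytes, issued_challenge: str, client_data: bytes, sig: bytes) -> str:
    # Server side: check the signature first, then what was actually signed.
    if not hmac.compare_digest(key_sign(secret, client_data), sig):
        return "bad signature"
    data = json.loads(client_data)
    if data.get("challenge") != issued_challenge:
        return "wrong challenge"
    if data.get("origin") != RP_ORIGIN:
        return "wrong origin"
    return "ok"

def verify_sms_login(sent_code: str, typed_code: str) -> str:
    # A one-time code says nothing about the page it was typed into.
    return "ok" if hmac.compare_digest(sent_code, typed_code) else "bad code"

def demo() -> dict:
    secret = secrets.token_bytes(32)   # registered when the key was enrolled
    challenge = secrets.token_hex(16)  # fresh for each login attempt
    results = {}
    cd, sig = browser_assert(secret, RP_ORIGIN, challenge)
    results["real_page"] = verify_key_login(secret, challenge, cd, sig)
    # The user is on the look-alike page, which passes along the real challenge.
    cd, sig = browser_assert(secret, SPOOF_ORIGIN, challenge)
    results["spoofed_page"] = verify_key_login(secret, challenge, cd, sig)
    # Rewriting the origin after signing invalidates the signature.
    forged = cd.replace(SPOOF_ORIGIN.encode(), RP_ORIGIN.encode())
    results["rewritten_origin"] = verify_key_login(secret, challenge, forged, sig)
    # The same constructed code verifies no matter which page collected it.
    results["sms_code_via_spoofed_page"] = verify_sms_login("493817", "493817")
    return results

if __name__ == "__main__":
    print(demo())
```

The server accepts only the response produced on the real origin; the texted code passes either way, which is why the key is the stronger second factor against look-alike pages.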

Existing accounts will also be subject to audit by Twitter “to ensure that every account created on Twitter has passed some simple, automatic security checks designed to prevent automated signups.” (SOURCE:  https://www.scmagazine.com/twitter-adds-u2f-support-and-other-features-to-prevent-phishing-spam-and-fake-accounts/article/777094/).

So, in addition to this, I guess you also need to make sure of the tweets that you post . . . in order to avoid an audit (kinda like dealing with the IRS, right??? LOL).

Also, believe it or not, Twitter is seriously thinking of investing heavily into Security technologies other than 2FA.  They are looking at using a combination of Machine Learning, Artificial Intelligence, and even Neural Networks to keep a 24X7X365 watch on people’s accounts and new ones as they are created.  The basic premise of this is to also learn and model the behaviors of the accounts that they have in order to track down suspicious behavior.

After all, with well over 330 million account holders, no human can keep a constant watch on all of this. The other objective that Twitter has with the increased levels of Security is to address bots that inundate timelines with unwanted content and fake news as well as fight abuse, trolls, and spam.

With a Bot, a Cyber attacker can easily gain access to an end user’s account, and from there, use that to leverage spam and other slanderous messages to literally millions of other Twitter accounts.

My thoughts on this?  I think it is good to hear that a social media giant like Twitter is stepping up the ante in its game to fight Phishing attacks.  But it is important to keep in mind that 2FA is just that . . . two layers of Security.  The idea behind this is that if one layer of Security is broken through, then the Cyber attacker will not be able to break through the second layer, at least this is what theory holds.

But, when you are using things like a mobile number or a more complex password, the chances are still great that a Cyber attacker can break through even the second line of defense.  The article also mentions that the use of a FOB will be required.

In all honesty, how many account holders will actually use this FOB and create a more complex password???  This will be viewed much more as an inconvenience, and as a result, people could even shut their accounts down in favor of using something else like Facebook.

In my view, what Twitter really needs to do as part of its effort in the 2FA process is to make mandatory the use of a Password Manager that is offered free of charge to the account holder.  With the Password Manager, long and complex passwords can be created.  Not only that, but the Password Manager will also remember these crazy passwords so that the account holder does not have to.

Also, to have a true layer of 2FA, a Biometric should be used as well.  Most likely, this can be either Fingerprint Recognition or even Facial Recognition.  Twitter should be able to do this without too much difficulty, as Apple already has this integrated with its line of iPhones.

So, for example, if an account holder wants to log onto Twitter from a mobile app, they can enter in their username/password combination and from there be further authenticated with their face or fingerprint using either the TouchID or FaceID (whatever technology that particular iPhone model has).

Well, hopefully Twitter sees this post and may even consider some of my ideas . . . ???!!!