What the Twitter hack says about us
The accounts had been taken over by hackers who posted a slightly tweaked crypto scam. By the time the accounts had been secured, about four hours later, millions had seen the hacked tweets and hundreds had sent bitcoin, resulting in over R1,5 million paid to the scammers.
Worse than the loss of money was the loss of control, but rather than being a failure of technology it was a failure of understanding how we work.
While investigations are ongoing, the statements by Twitter so far suggest that the hackers managed to get support staff to allow their own tools to be used to post on behalf of the accounts, so less a hack than a con.
More often than not, when security breaches happen it is thanks to someone being conned rather than something being hacked. The reason is that it is much easier to convince someone to give you access to a system than it is to actually hack it.
Passwords and probability
Consider a password that was a single digit. You are guaranteed to crack it with just 10 options. Add a second digit and the options increase by 10 times; with just three there are a thousand options. Add a letter and a four-character password has over 1,5 million combinations. If you had to stop a human cracking your password, 1,5 million combos would be fine, but humans don’t try to crack passwords, machines do.
Use a 5-character password with numbers and uppercase and lowercase letters and you have over 60 million combinations, but a computer can generate combinations at a rate of 2 billion per minute. This is why your password needs to be so long and hard: not to stop humans but to stop computers.
The simple answer is to get a password manager, which will generate and store unique and very tough passwords (12-character passwords using digits, upper- and lower-case letters and special characters have enough combinations that they will take over 7 million years for a computer to crack).
You can also add a second login step, which is what two-factor authentication is: besides the password, you also get an SMS or enter a code generated on a separate app that confirms you are who you say you are.
You might get an option to identify objects in a picture, something humans are good at and machines not so much, or you might even just be asked to click a square to prove you are not a machine. As odd as that may seem, we click so slowly and randomly that it is quite easy to tell the difference.
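The arithmetic behind these figures, as an added example that is not part of the original article: it counts the combinations for a given length and character mix, and finds the shortest length that survives a full search for a target number of years. It assumes the article's rate of 2 billion guesses per minute and passwords chosen uniformly at random; the function and class names are illustrative.

```python
import string

GUESSES_PER_MINUTE = 2_000_000_000   # rate quoted in the article
MINUTES_PER_YEAR = 60 * 24 * 365

# Character classes a password can draw from (sizes: 10, 26, 26, 32).
CLASSES = {
    "digits": string.digits,
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "special": string.punctuation,
}

def alphabet_size(*classes):
    """Number of distinct characters available across the chosen classes."""
    return sum(len(CLASSES[c]) for c in classes)

def keyspace(length, *classes):
    """Number of distinct passwords of exactly `length` characters."""
    return alphabet_size(*classes) ** length

def minutes_to_exhaust(length, *classes, rate=GUESSES_PER_MINUTE):
    """Worst case: the machine tries every combination once."""
    return keyspace(length, *classes) / rate

def years_to_exhaust(length, *classes, rate=GUESSES_PER_MINUTE):
    return minutes_to_exhaust(length, *classes, rate=rate) / MINUTES_PER_YEAR

def min_length(target_years, *classes, rate=GUESSES_PER_MINUTE):
    """Shortest length whose full search takes at least `target_years`."""
    needed = target_years * MINUTES_PER_YEAR * rate
    size, length, space = alphabet_size(*classes), 0, 1
    while space < needed:            # integer arithmetic, no rounding error
        space *= size
        length += 1
    return length

if __name__ == "__main__":
    everything = ("digits", "lower", "upper", "special")
    print("1 digit:", keyspace(1, "digits"))
    print("4 chars, digits+letters:", keyspace(4, "digits", "lower"))
    print("5 chars, digits+upper+lower: %.2f minutes to try them all"
          % minutes_to_exhaust(5, "digits", "lower", "upper"))
    print("12 chars, all classes: %.0f years" % years_to_exhaust(12, *everything))
    print("length needed for 7 million years:", min_length(7_000_000, *everything))
    # These are upper bounds for random passwords only: a human-chosen password
    # falls to dictionary guessing long before an exhaustive search finishes.
```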
Get a password manager:
This is why hackers are now more likely to target you, not your computer.
Beware the phishers, smishers and vishers
Seeing as it is now much easier to con us than our machines, you need to know a little more about phishing.
It covers attempts to get you to give up information that would help hackers access your accounts.
The basic version is typically an email to get you to follow a link or reply with info that compromises your account. The emails are sent randomly to get as many positive outcomes as possible. Spear phishing is targeted at an individual, so the email may be more personalised. Whaling is spear phishing aimed at business owners and those with lots of business access.
In South Africa, many phishing attempts are via SMS; this is called smishing. Should you get an actual scam call, that would be vishing, and then there is the version that attempts to con you via a dodgy social post or online ad, which is known as angler phishing.
It is difficult to be vigilant all the time, so look to combine the best of a variety of strategies that allow you to be a bit more relaxed while still being covered.
Use Two-factor authentication
If you can add a separate confirmation to your login, that makes it much safer from the brute force attacks that could just guess your password. Receiving an SMS code or using an authentication app means your account could not be accessed if your password was stolen. Even phishers would need to get access to your phone once you accidentally gave them access to your details. While SIM swaps remain a potential weak point, an authenticator app goes a long way to protect your account, and a password manager would take care of creating and remembering those impossible-to-crack 12-character passwords and save you from needing to use your birthday as a password for all your accounts. You would need just one good one for your password manager and you are as safe as you can be during a pandemic.