Security expert: Twitter should be double certified for security lag

Source: Internet
Author: User
Keywords Security experts security hackers express security

Security experts say Twitter lags behind other internet services in helping users raise account security, the news said early July 8 in Beijing.

Uproar

Twitter's security flaws were particularly evident on the day of Independence Day on July 4. On that day, an unidentified hacker controlled Fox News's Twitter account and released the false death of President Barack Obama. While it is not uncommon for Twitter accounts to be hacked, this false message has sparked a global uproar.

The US Secret Service is investigating the incident. Fox News said it was not sure how the hackers got control of the account, but expressed dissatisfaction that Twitter took 5 hours to regain control.

"What Twitter is doing now is a comprehensive review of security issues," said Daniel Diermeier, a professor at the Kellogg School of Management at Northwestern University, Daniel Dilmer. This is a serious problem for Twitter. ”

Dual authentication

Security experts say the attack may be avoided if Twitter uses a dual authentication technique to secure accounts. In the dual authentication system, the user must enter an additional code in addition to the fixed account password. The code changes every minute, but the user can get it from a mobile phone or other electronic device.

Both Google and Facebook have adopted a dual authentication to confirm the identity of the user.

Security experts say Twitter will soon be under pressure to do the same, especially from influential users such as politicians, large businesses and news organizations.

"They have no choice." If they want to survive, they have to. "said Murray Jennex, a professor of information security at the State University of San Diego, Meury Jennicks. He also warns that if Twitter does not add a double authentication mechanism soon, it will "backfire" and the company's reputation will be undermined by more high-profile attacks.

In addition to Fox News, PayPal's Twitter account in the UK was also hacked this week, sending messages to its fans to encourage them to visit the www.paypalsucks.com website.

Traffic encryption

Twitter allows users to exchange information with their Web sites through unencrypted regular channels, making passwords easy for hackers to steal. The site does offer a number of options to encrypt traffic, but users must manually enter HTTPS before Twitter's web site to achieve this function.

"Twitter should set HTTPS as default because not all users know about it," said Chris Palmer, technical director of the Electronic Frontier Foundation for the United States Privacy Protection Organization (Electronic Frontier Foundation). Many of Google's services are encrypted by default using HTTPS.

"If nothing happens, it's because the hacker is too bothered to attack." "said Palmer.

Linn Fox, a Twitter spokeswoman, declined to say whether the company would increase the dual authentication mode or set HTTPS as the default. "We attach great importance to security and have been looking for ways to help users improve their security," she said. ”

But she added that Twitter users should be responsible for their passwords. "We can't anticipate the dangers outside the station. This is one of the reasons that we are very explicit in alerting users to the security of passwords. "she said.

(Responsible editor: admin)

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.