Mark Schaefer Posted on MADS Blog

Twitter Hacked! Are You Next?

Illustration of AP and Twitter logo

Twitter Hacked!  Are You Next?

The Nest Web article on hacking Twitter accounts.

Screen snap of article at The Next Web on the successful hacking of Associated Press’s Twitter account. The false tweet caused the stock market to stumble, but was soon corrected by Associated Press and quickly verified by the White House that the report had been in error.

 

You may remember near the end of April when the Associated Press Twitter account was hacked, and a false new alert  was sent about an attack at the White House?

You could be embarrassed next.  Why?  If you, like the AP, have not enabled 2-step authorizations on your social media accounts, you very well may be next.

Feeling Insecure about Your Security?

Security in the cloud-connected world is getting constantly better.  In the past year or so, Google, Facebook, Apple’s iCloud, Dropbox, Twitter, among other organizations have built-in an extra layer of security, called two-step authorization.

If you log into a public computer in the library, or at a colleague’s computer and want to get something from your Google Drive or Dropbox account, normally you log in with your user name, and password to that service.

But if you enable “two-step” authorization — the site will let you in only AFTER it first sends a text to your mobile phone with a short code, a kind of temporary extra password that lets you use a different computer to access files in the cloud.  If someone were trying to hack into your account and guessed your password, they would not be able to access the account without the code text sent to your mobile phone!

How to set up 2-step

Dropbox icon

Dropbox’s icon on a mobile device

Let’s use Dropbox as an example:  We will “authorize” Dropbox app on a new tablet.

First, log in to Dropbox on your computer, sign in to your dropbox.com account.

Click on your account name in the upper right of the browser window and choose the Settings icon.

In the next window choose the security tab.  There on the left, just below your email address and “change password” area is the “Two-step verification” link.

Dropbox.com setting icon to change security and password settings.

After logging into a Dropbox account, visit the Settings area of the account to set up 2-step verification for increased password security.

Enter your mobile phone number. Dropbox will send a short code as an SMS message containing an easy to remember five or six digit number. Type that number into the verification field.  If you don’t enter that code in about 15 minutes or so, Dropbox will “forget” that code, and it won’t be good again, a kind of time-limited access.

From now on when you log in from a public computer, leave on the “Trust this computer” unchecked.  But you can choose to “trust” your laptop, or mobile device like a tablet or smartphone.

The short code that is sent via SMS to your phone? You need to enter that code in a separate box after you have entered your account login information, and password.

Screen snap of 2-step verification screen in Dropbox

Enable two-step verification in Dropbox in order to make it difficult for bad actors to break into your account.

 

Here is why this is good

 

In the “old” way, if someone hacked your account, and changed your password, it could lock you out of your own account.

Screen snap of SMS from Dropbox

This is a screen snap of how Dropbox alerts you to add in a second verification code, after your password, to ensure that it was you that added or made changes to your account.

But with 2-step verification turned on, no one can change your password without an SMS message showing up on your phone.  If you did not log in to a “new” computer or device, that means someone is trying to get access to your stuff.

If you DO get an unexpected SMS — perhaps someone was trying to access your account.  Log in to the service and change your password as soon as you can, to make sure that your stuff remains yours, alone!  Like the SMS says, “happy Droboxing!”

You are not alone

Here are some great step-by-step articles and tutorials for a variety of cloud services.

A good article at Wikipedia on what 2-step Auth does.

Setting up 2-step with GMail, and Google Drive

Setting up 2-step with Dropbox

Setting up 2-step with Box

Setting up 2-step with Apple iCloud and iTunes AppleID

Setting up 2-step with Twitter

All of us at the Multimedia Learning Center take security seriously, and balance it with a reasonable need to be efficient in our time with cloud-based resources.  If you have questions, just stop by and see us! We are on the ground floor of Kresge Hall, Suite 1-347.

###