Another day, another high profile social media attack, this time it’s the US Central Command Twitter and YouTube pages. Hacking these sorts of pages isn’t particularly hard, you already have one piece of information (the login or username). We haven’t heard about what tools these hackers may have used, it could have been phishing or brute force or even purchased passwords.
In light of these hacks, it’s a good time to talk about dual-factor authentication. Dual factor authentication means you have to prove your identity twice. The first method is something you know, this is the password we’re all used to. The second is something you have. Most often this is a randomly generated code sent to your phone or delivered by an app. To sign in to a service, you first use your password and then your code. You can tell the computer/phone/tablet you enter the code on that it is in fact your device, and not to ask again. We don’t know if dual factor authentication would have prevented these attacks, or if the US Central Command is using dual factor, but it is another layer you can add to protect yourself.
I’ll admit, using dual factor authentication can be kind of a hassle. But the hassle vs reward is worth it. I started using dual factor on my Google account when someone from China tried to access it. (They failed, and Google let me know of the suspicious behavior). I started using it on Facebook soon after they announced it. There are times it’s a pain (for example, logging into a Kodak picture kiosk to print some photos), but most the time it’s not something I have to deal with.
I highly recommend you use these tools on your account to protect yourselves. The more we rely on our online accounts, the more important this becomes. Here are guides for some major services: