Prime Minister Narendra Modi’s Twitter account was “very briefly compromised” on December 12, sparking concerns about Internet security once again. But how does one recognize a hack? And how does one protect against it?
How to recognize a hack?
According to Twitter’s help pages, some of the tell-tale signs of a hack include unexpected tweets from your accounts, unintended direct messages, and following people you do not know or remember following.
But what to do if your account is compromised?
Platforms like Twitter send emails to users when their account information has been changed or a login has occurred from a browser or device that wasn’t previously registered on the platform. If you don’t recognize the change, you can flag the same to Twitter immediately from the email and ask for the device to be logged out and blocked. Hence, keep your phone numbers and email IDs up-to-date.
How to protect against just about any hack?
To begin with, anything on the internet can be hacked. That said, users can always make it difficult for an attacker by following some guidelines. The first step is to create complex, long, and alpha-numeric passwords, which are difficult to guess. You should also check the devices registered on your account(s) periodically, and remove ones you don’t recognize. Twitter also recommends checking passwords for accounts on third-party apps that have been allowed access to your Twitter account. This is usually done when you login to another platform using your Twitter account, or give it posting rights on Twitter. You should also turn on two-factor authentication (2FA), which requires a one-time password (OTP) to be sent to your phone whenever a new login occurs.
But why alphanumeric passwords?
Hackers use computer programs to guess passwords. These programs try commonly used passwords, passwords that have appeared on other hacks, and different combinations of letters. An alphanumeric password raises the number of possibilities exponentially, and makes it near impossible for them to be guessed which does not make it worthwhile for a hacker to spend them cracking it. For instance, in the case of PM Modi’s account, a hacker could either have done it for monetary benefit, or even to raise their reputation amongst others in the dark web community.
What is 2FA?
2FA is a system of security that allows users to login to an account through two steps, instead of just typing in their password. It’s based on the concept of what you have — in this case your password — and what you get — which is the one-time password sent to your phone. A stronger version can also be put in place using authenticator apps, which generate a random key whenever you need to login. Twitter’s settings also allow users to use a physical security key, which is an USB-device that connects to a phone or computer and is used to access sensitive accounts. This is often considered as the strongest security one can have, since an account cannot be accessed without physically acquiring the USB key from the person. “Just as you need a physical key to unlock the door to your home, you need a security key to unlock access to your account,” Twitter said in a March 2021 blog post announcing the feature.