The importance of multi-factor authentication
Ethical hacker Victor Gevers made headlines this week as he (allegedly) managed to access President Donald Trump’s Twitter account for the second time.
In an interview with the Dutch newspaper Vrij Nederland, he regrets the lack of response to his and his friends’ warnings in 2016, when the three young Dutchmen found themselves with access to the United States president’s Twitter account after trying a couple of passwords.
This time Gevers tried the same strategy and, as reported in the interview, he played around with the following:
The last one, maga2020!, turned out to be a hit. Gevers couldn’t believe it: he yet again found himself in a position where he had to contact the White House and warn them of a security vulnerability he had discovered. He even had access to all of President Trump’s deleted tweets, and he could have downloaded his complete DM and tweet history.
This definitely isn’t the first time Twitter has faced a security problem. On July 15, 2020, a 17-year-old hacker managed to access several high-profile accounts, from Bill Gates’s to Kanye West’s, and coaxed followers into donating Bitcoin.
Twitter tries to increase security by using Two-Factor Authentication, a subset of Multi-Factor Authentication. This requires users to provide at least two pieces of evidence that verify they are the actual owner of the account. This can be done via another device, additional passwords or PIN codes, or via biometric information such as fingerprints.
Oddly enough, Two-Factor Authentication was turned off for the President’s account… Let’s hope this time serves as a long-term lesson for the White House on the importance of up-to-date online security measures.