My twitter account got hacked again and they are sending junk to all my friends. I have a big long complicated password, so what else can I do to keep this from happening again?
This question was answered on September 27, 2013. Much of the information contained herein may have changed since posting.
Account holders on popular social media networks like Twitter and Facebook are constant targets for hackers because of their high potential for spreading malware and spam messages.
A compromised account is connected to a network of others that implicitly trust things that come from their friends, so the success rate for infecting others is much higher.
Social media accounts can be compromised via phishing scams, virus infections, weak passwords or increasingly if you unknowingly allow a malicious third party website or app to have your login credentials, which may be what’s happening to you.
You’ve likely seen a lot of websites and apps allow you to register for their service via your Twitter or Facebook account in an attempt to make it easier to get setup.
As convenient as this may be, you should be very careful where you use your social media accounts as a way to log into third-party sites and apps.
Even legitimate companies that offer this sign-in method will have small print that you agree to which allows them to post via your account.
While there is no 100% guaranteed method to avoid being hacked, one of the best things that you can do for any online account is to activate the two-factor authentication (TFA) security feature.
Two-factor authentication is based on something you know (your username & password) and something you own (your cellphone).
After you activate the feature, whenever you or anyone that has your password tries to login from a computer or mobile device for the first time, you’ll be sent to a special page that is asking for a code.
At the same time, a special one-time code is sent to the cellphone number that you registered with the site when you setup the two-factor authentication.
You must put that code into the site within a short period of time in order to proceed and once successful, you can tell the site to remember the device so you won’t have to do it every time.
Another great side-benefit of setting up this security measure is it also becomes an alert system for when someone has figured out your username and password. If you get a text message with a special code out of the blue, you’ll know someone else is trying to get into your account (when this happens, you’ll know to change your password immediately!)
Here’s how to setup TFA on these popular services:
Twitter Login Verification: http://goo.gl/AfWuQT
Facebook Login Approvals: http://goo.gl/YqomNO
Google 2-Step Verification: http://goo.gl/aPCkG9
LinkedIn 2-Step Verification: http://goo.gl/HmOxeM
Microsoft 2-Step Verification: http://goo.gl/Mm4iwT
Apple 2-Step Verification: http://goo.gl/ss8Yhu
Yahoo! Mail Second Sign-in Verification: http://goo.gl/j2Bbo6
About the author
Posted by Ken Colburn of Data Doctors on September 27, 2013