The official Twitter and YouTube accounts of U.S. Central Command were hacked yesterday by supporters of the Islamic State. Both accounts had been taken offline while the incident was being investigated.
U.S. Central Command said it is viewing the hack on the military agency’s official pages “purely as a case of cybervandalism.”
Yes, those were “just” Twitter and YouTube accounts. However, both Twitter and YouTube offer two-factor authentication. Was it in use in this case? If yes, then the question that needs to be investigated is how the hackers got around it. If not, the issue is why not, especially in the case of a military agency.
So what lessons can an average user of social media draw from these incidents? Considering the undoubted emotional attachment that we have to our online presence, one needs to balance security against usability.
First of all, use two-factor authentication for all your important online accounts. What counts as important is each individual’s decision. Secondly, make sure you have more than one path for the second level of authentication (e.g. cellphone and another email) in case you lose access to one of them. Consider the following scenario, which happened to one of my sons recently: his phone got lost while he was out of town. His email as well as his Facebook and Twitter accounts are set up with two-level authentication tied to his cellphone number (as the only option).
As a result, he could not access his email or any of his social networks, since he had no access to his cellphone or his (already authenticated) home computer. Using any other computer would require a second level of authentication (which implied access to his cellphone). Consequently, he was unable to notify anybody of his status for an extended period of time, until he managed to buy a new phone and set it up with his original number.