Do we need multi-factor authentication in social networks?

No one disputes that multi-factor authentication is very important for corporate and personal accounts, especially those tied to financial assets. But to many users, strong authentication in social networks seems an excessive precaution.

Usually, people use social networks for entertainment, socializing with friends, and following the news. The majority of social network profiles have no relation to money or corporate secrets. What could attract hackers' interest? Yet online fraudsters are interested in every Internet user, and recent events have confirmed this.

Since the beginning of the year, a real epidemic of leaks of users' confidential information has been raging, and it has already affected the data protection systems of several major social networks.

We have already written about the LinkedIn scandal. Just a couple of weeks after the incident, a hacker using the nickname Peace_of_mind, who had previously been selling data from LinkedIn, Tumblr, and MySpace on the “black market”, unveiled new “commercial offers”: more than 100 million VKontakte accounts, followed by 379 million Twitter accounts. (According to statistics, Twitter has 310 million monthly active users, so apparently even those who have not logged in to their Twitter accounts for a long time ended up in the database.)

The leak aggregator LeakedSource received a dump of the databases on sale from an anonymous well-wisher and reported that they contain full names, e-mail addresses, passwords, and phone numbers linked to the accounts. The LeakedSource website lets you check whether your account is among those compromised, but this check is not free.

All the recent incidents have one thing in common: the data leaks did not occur recently; most of them happened in 2011-2013. It would seem that you can breathe a sigh of relief: after such a long time, the old secrets have lost their relevance and the account passwords have already been changed.

The reality, though, is not so comforting. Specialists tested 100 random e-mail addresses from the compromised data and found that 92 of them are still bound to the accounts.

Facebook founder Mark Zuckerberg also fell victim to social network hacks. The hackers took over his Twitter and Pinterest accounts, and to prove it they even posted an appeal to Zuckerberg on his own page. It was also alleged that the hackers broke into his Instagram account (the irony being that this service is owned by Facebook), but this information has not been confirmed. The hack became possible because Zuckerberg's password was among the stolen LinkedIn passwords. Zuckerberg used the same password on Twitter, which helped the scammers compromise that account as well.

It turned out, however, that Zuckerberg had not used his Twitter account since 2012. Perhaps this explains why the owner did not bother with regular password changes and other measures that protect user data. As you can see, the Facebook creator made the same mistakes as ordinary people: one and the same password for many accounts, and no multi-factor authentication.

The conclusions that can be drawn from this series of hacks of the largest social networks are not new, but they are still relevant.

More attention to passwords

Rankings of the weakest and most predictable passwords can be found in many sources, including our blog. It is worth looking through them so that you can avoid using these “masterpieces” and protect your accounts.

But even the most complex passwords must be replaced from time to time, at least once every few months.

Login and password are not enough

More and more sites (social networks included) offer the option to enable multi-factor authentication. Most often it is 2-factor authentication (2FA). Unfortunately, many users still do not realize the importance of multi-factor authentication and do not want to spend time entering one-time passwords during login.

Meanwhile, multi-factor authentication can help you keep control over your account even if fraudsters get hold of your password and e-mail. The hackers will fail to take over the account without knowing the one-time password required for authentication.
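The check described above, as an added example (not code from the original post or from Protectimus): a login routine that requires a password plus an RFC 6238 time-based one-time password and rejects a reused code. The account layout, function names and sample password are constructed for illustration; the secret is the published RFC 6238 test key.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per TOTP time step (RFC 6238 default)

def totp(secret: bytes, at: int, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1 for the Unix time `at`."""
    mac = hmac.new(secret, struct.pack(">Q", at // STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_account(password: str, otp_secret=None) -> dict:
    salt = b"constructed-salt"  # sample value; use os.urandom(16) in real code
    return {"salt": salt, "pw_hash": hash_password(password, salt),
            "otp_secret": otp_secret, "last_step": -1}

def login(account: dict, password: str, otp, now: int) -> bool:
    """Password check, then (if enrolled) a TOTP check with replay protection."""
    candidate = hash_password(password, account["salt"])
    if not hmac.compare_digest(candidate, account["pw_hash"]):
        return False
    if account["otp_secret"] is None:
        return True  # password-only account: a leaked password is enough
    if not otp:
        return False
    # Accept the current step and one step either side to allow for clock drift.
    for step in (now // STEP + d for d in (-1, 0, 1)):
        expected = totp(account["otp_secret"], step * STEP)
        if hmac.compare_digest(expected, otp) and step > account["last_step"]:
            account["last_step"] = step  # each code is usable only once
            return True
    return False

# Constructed scenario: one password reused on two sites, then leaked.
LEAKED_PASSWORD = "Summer2012!"
OTP_SECRET = b"12345678901234567890"  # RFC 6238 test secret, not a real key
NOW = 59

if __name__ == "__main__":
    password_only = make_account(LEAKED_PASSWORD)
    with_2fa = make_account(LEAKED_PASSWORD, OTP_SECRET)
    print("password-only, leaked password:", login(password_only, LEAKED_PASSWORD, None, NOW))
    print("2FA enabled, leaked password:  ", login(with_2fa, LEAKED_PASSWORD, None, NOW))
    print("2FA enabled, owner with code:  ", login(with_2fa, LEAKED_PASSWORD, totp(OTP_SECRET, NOW), NOW))
```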

Should we use 2-factor authentication and one-time passwords in social networks? Every user must answer this question for themselves.


Author: Anna

If you have any questions about two-factor authentication and Protectimus products, ask Anna, and you will get an expert answer. She knows everything about one-time passwords, OTP tokens, 2FA applications, OATH algorithms, how two-factor authentication works, and what it protects against. Anna will explain the difference between TOTP, HOTP, and OCRA, help you choose a token for Azure MFA, and tell you how to set up two-factor authentication for Windows or Active Directory. Over the years with Protectimus, Anna has become an expert in cybersecurity and knows all about the Protectimus 2FA solution, so she will advise on any issue. Please, ask your questions in the comments.
