The fast-growing microblogging site Twitter has fallen behind some other Internet services in introducing tools to help secure the accounts of users, security experts say.

Weaknesses in Twitter’s security became apparent on the US July 4 Independence holiday as an unknown hacker took control of a Fox News Twitter account and sent out messages falsely claiming that US President Barack Obama was dead.

While the hijacking of Twitter accounts is not new, the false Tweets about Obama generated headlines around the world.

The Secret Service is investigating the matter. Fox News has said it is unsure how the attacker gained control of its account, but complained that it took Twitter more than five hours to return control of the account to Fox.

“What Twitter needs to do now is to commit to a thorough review of their security practices,” said Daniel Diermeier, a professor at Northwestern University’s Kellogg School of Management. “For Twitter this is a very serious problem.”

Security experts said the attack might have been prevented if Twitter had offered two-factor authentication technology to secure its accounts.

In two-factor authentication systems, a user must enter a second code in addition to a fixed password to access its account. The code changes every minute or so and is sent to a cell phone or other electronic device.

Google Inc. and Facebook already offer two-factor authentication to confirm the identity of users.

Security experts said Twitter could soon come under pressure to do so as well, particularly from influential users such as politicians, major corporations or news outlets.

“They won’t have a choice. I think if they want to stay viable they’ll have to,” said San Diego State University professor Murray Jennex, who teaches information security.

He warned that Twitter would be “flirting with disaster” if it did not proactively add two-factor authentication, and that more high-profile attacks could harm the company’s reputation.

In addition to the Fox News heist, PayPal’s Twitter account in the United Kingdom was also hijacked this week and followers urged to visit the website www.paypalsucks.com.

• Scrambling Passwords

Twitter allows its users to communicate with the site using an ordinary, unscrambled connection, which makes it easier for potential hackers to steal passwords.

The site does offer the option of scrambling that traffic, but users must type “https” before entering the Twitter URL into the Web browser to call up an encrypted connection, or change their options to request https as a default.

Chris Palmer, technology director for the privacy-promoting Electronic Frontier Foundation, said Twitter should use https by default because not all users are aware of the option or care to use it. Google uses https encryption by default for many of its services.

“Basically, if nothing bad happens, it’s because no attacker cared to attack,” Palmer said of Twitter.

Twitter spokeswoman Lynn Fox declined to say whether the company intended to add two-factor authentication. The company has said in a blog that it hopes to make https encryption the default for all users.

“We take security very seriously and we’re always looking for ways to help users make their accounts more secure,” she said.

Yet she added that Twitter’s users are responsible for securing their own passwords.

“We can’t anticipate compromises that occur offsite,” she said. “That’s one of the reasons we very clearly recommend to users that they be extremely careful with the security of their passwords.”

Related Articles

 

• How To Track Your Conversation On Twitter

This article was posted in "Internet, Tech Updates'' section by Kapil Arya.
If you enjoyed this article, subscribe to our RSS feed or free newsletter to get all new articles directly in your Inbox. If you have a Windows, technology article to share, then feel free to send us.

Recommended Articles

[Direct Download Links] Windows 8 Release Preview Goes Official, Download Links Inside Things You Must Know About Windows 8 Release Preview Windows 8 Consumer Preview : What You Need To Know [Direct Download Links] Windows 8 Beta (Consumer Preview) Is Here, Download Now [How To] Remove Or Modify The Watermark (Build Number Info) In Windows 8 Consumer Preview Ultimate Collection Of Windows 8 Commands & Shortcuts [How To] Make Windows 8 Consumer Preview Auto Logon [How To] Access Safe Mode & Add / Remove Safe Boot Option On Windows 8 Consumer Preview Boot Manager [How To] Bypass The Metro Start Screen / Directly Log On To Desktop In Windows 8 Consumer Preview [How To] Add “Shut Down”, “Restart”, “Lock Computer”, “Sign Out” Options Manually To Windows 8 Desktop Context Menu

[How To] Enable / Disable “Safe Mode With Networking” In Windows 7 [FIX] Getting Black Screen / Missing Desktop After Logging In Windows 7 Using Registry Editor [How To] Disable Annoying Notification Balloons In Windows 7 & 8 [How To] Prevent Themes From Changing Your Icons & Cursors In Windows 7 [How To] Reduce The Hard Disk Space Reserved For Restore Points In Windows 7 [FIX] Microsoft Fixed Windows 7 SP1 Installation Errors "0x8004a029, 0×80004005 – E_FAIL" [How To] Fix Irrelevant Search Results In Windows 7 & Windows Server 2008 R2 [How To] Fix Error “0xc000000f – The Boot Selection Failed Because A Required Device Is Inaccessible” [SOLVED] How To Remove Windows Genuine Advantage Notifications In Windows 7 & Windows Vista [How To] Fix Windows Application Error “0xc0000135″ For Google Chrome Start Up Crash In Windows 7

Get Involved! Add Your Comment

Name [Required]

Mail [Never Shared] [Required]

Website Or Blog

Notify Me Of Follow-Up Comments Via Email.