Wednesday, February 20, 2013

Social media security

In the past week, Burger King and Jeep had their Twitter accounts hacked.  It looked pretty silly to lose control over their official Twitter handle.  Seeing some prankster's tweets on their timeline gave us something to talk about.  But in the end, it's something that could have happened to anyone.

We all know the right things to do to avoid getting our accounts hacked.  Randomize our passwords, change them a few times a year, and don't use the same password for multiple sites.  These are all well-known best practices.  But who proactively changes their passwords without being prompted by the site?  Even when we are forced to change a password, we often have trouble coming up with one that is difficult to guess, because we all have too many passwords to remember already.

It's like talking about the benefits of healthy eating and regular exercise.  We all know that these are good for us.  But with easy access to junk food and busy lifestyles, most of us tend not to think about what we eat every day or about squeezing in 30 minutes of aerobic exercise.  The same is true of our social media security.  Until it is too late, we tend to ignore what we are not doing right.  Extending the physical exercise metaphor, we think it's something that each of us can fix if we decide to follow the best practices.

In reality, however, social media security is quite a bit more difficult to implement.  That's because everyone is linked with each other in trust relationships.

Unlike your online banking password, a social media account password does more than protect access to your data.  It also authenticates that you are in fact who you claim to be (your social media identity) to all the friends and connections that you have.  If my Facebook account is hacked, an attacker can not only get to my data but, more importantly, can impersonate me and send messages to my friends as me, asking them to click on things that they shouldn't.  Because all our social media friends and followers are connected through this implicit trust, they are much more likely to click on my message than on a spammer's message.

This means our social network is only as secure as the least secure account among our friends.  If one trusted social networking account is hacked, we are much more likely to fall victim to targeted phishing attacks, for example.  (This is exactly what happened to me earlier when my friend's Twitter account got hacked.)

So it may have been fun to talk about the hacked Burger King and Jeep Twitter accounts.  But we have to realize that this threat is a lot closer to us than we think it is.  We are far too connected to each other to ignore social media security.

Do your friends a favor.  Update your social media passwords.

Don't make your password "password"...

1 comment:

  1. A very good post, I like it very much, hope you will give another post asap. Great info, thanks!