In October 2016, my uncle and I were on a road trip from New York to Boston, and on the way he opened up a post I had made on my Twitter account and asked me to explain to him what the post meant and why I would post such a thing. The post was a picture of a half-naked woman with an invitation to click on a link. It was a sort of advert for a hookup site.
The problem here was that yes, it was my Twitter account that posted it, but it had been done a few minutes earlier and I could not have done it with my phone battery down. This simply meant that I had been “pwned”.
I was curious to know how this happened. I logged into the email account that is associated with my Twitter using my uncle’s tablet and realized someone had logged into the account from somewhere in France. I was on the road and had no time to lose, so what I did was change the Twitter account password immediately.
Hacking someone’s account (Twitter, Facebook, Yahoo, Gmail, etc.) is totally easy using social engineering. It is therefore important to utilize a system where someone cannot simply have access to your account(s) with the password alone.
This is where Multiple-Factor Authentication (MFA) / Two-Factor Authentication (TFA/2FA) comes in. This is a security feature many of us know about but try to circumvent when it is optional. Here is how it works:
Step 1: On the login page of your account, you enter your login details (username & password)
Step 2: The MFA security sends a verification code to your phone (or email or any other device you selected) via text or call
Step 3: You enter the verification code
Step 4: You are granted access to your account
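To make the four steps concrete, here is what the website's side of that exchange can look like in Python. This is an added example, not Twitter's or any real site's code; the account, password, phone number, five-minute expiry and three-attempt limit are all made up for illustration.

```python
import hashlib, hmac, secrets, time

CODE_TTL = 300      # seconds a code stays valid (assumed value)
MAX_ATTEMPTS = 3    # wrong guesses allowed per code (assumed value)

# Constructed sample account; a real site would keep this in its database.
USERS = {"alice": {"salt": b"constructed-salt", "pw": None, "phone": "+1-555-0100"}}
PENDING = {}        # username -> outstanding verification code
OUTBOX = []         # stands in for the SMS gateway

def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

USERS["alice"]["pw"] = _pw_hash("correct horse", USERS["alice"]["salt"])

def start_login(username, password, now=None):
    """Steps 1-2: check the password, then send a one-time code to the phone."""
    now = time.time() if now is None else now
    user = USERS.get(username)
    if user is None or not hmac.compare_digest(_pw_hash(password, user["salt"]), user["pw"]):
        return False
    code = f"{secrets.randbelow(10**6):06d}"          # unpredictable 6 digits
    PENDING[username] = {"hash": hashlib.sha256(code.encode()).digest(),
                         "expires": now + CODE_TTL, "tries": 0}
    OUTBOX.append((user["phone"], code))              # "text message" to the owner
    return True   # password accepted, but nobody is logged in yet

def finish_login(username, code, now=None):
    """Steps 3-4: grant access only for the right code, in time, used once."""
    now = time.time() if now is None else now
    entry = PENDING.get(username)
    if entry is None:
        return False
    if now > entry["expires"] or entry["tries"] >= MAX_ATTEMPTS:
        del PENDING[username]                         # expired or guessed too often
        return False
    entry["tries"] += 1
    if hmac.compare_digest(hashlib.sha256(code.encode()).digest(), entry["hash"]):
        del PENDING[username]                         # single use
        return True
    return False
```

Someone who has only the password gets `True` from `start_login`, which triggers a text to the real owner's phone, but can never get `True` from `finish_login` without reading that phone.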
You see, prior to my account being hacked, Twitter had sent me numerous notifications to add my mobile number to the account details in order to offer me more security; I declined because it seemed to be “too much trouble”. If you are like me and have delayed the activation of the MFA/2FA security feature on your Facebook, Twitter, Yahoo or Instagram account due to its inconvenience, please activate it now. In my opinion it is a small price to pay for better security. The hacker would need to have access to both your password and your phone (or any other device you selected) in order to gain access to it.
Since I activated the MFA last October, I have received verification codes when I never initiated a login process. This means that people are really attempting to gain access to my account despite my changing the password, but Multiple-Factor Authentication has got my back.
Stay Safe 😆