Trump’s Twitter was accessed illegally using the password “maga2020!”

News recently broke that a Dutch security researcher accessed US President Donald Trump’s Twitter account by simply guessing his password: “maga2020!”

Victor Gevers, the security researcher mentioned above, works for the GDI Foundation and is the chair of the Dutch Institute for Vulnerability Disclosure. He recently reported that he guessed the president’s Twitter password on only his fifth attempt. There was no two-factor authentication enabled on the Twitter account, which is why Mr. Trump never got any notification about this break-in. After logging in, Victor reported this to US-CERT, a division of Homeland Security’s cyber unit. The account password was changed shortly after.

A screenshot from inside Trump’s Twitter account. (Image: Victor Gevers)

This is the second time that the president’s Twitter password has been guessed.

President Trump is notorious for announcing things on his official Twitter handle, sometimes even before having a discussion with his military advisors. This is just another event in a line of security breaches involving President Trump’s Internet activities.

“It’s unbelievable that a man that can cause international incidents and crash stock markets with his Tweets has such a simple password and no two-factor authentication,” said Alan Woodward, a professor at the University of Surrey. “Bearing in mind his account was hacked in 2016 and he was saying only a couple of days ago that no one is hacked, the irony is vintage 2020.”

Protect your account using a strong password and 2FA

The way to keep yourself from getting hacked like Mr. Trump is to have a strong password for your important accounts. In fact, you should not repeat any passwords for ANY of your accounts. It will be extremely difficult to remember all the different passwords you use. This is where a password manager like LastPass or Dashlane comes in.

Password managers save all your passwords in their ‘vault’, which is encrypted with a key derived from your master password using a hash coupled with a cryptographic salt. This makes it extremely difficult and resource-consuming to guess a password. Several password managers also provide an option to generate a secure password, which can then be stored inside the vault. The vault can be accessed across all your devices, which makes passwords less insecure than they currently are.

Use MFA (multi-factor authentication) or 2FA (two-factor authentication) on all your accounts, especially your bank and social media. This makes sure that after you enter your password, you need to use a second method to authenticate. This could be a One Time Password (OTP) in a text message, a security code sent to your email, or a temporary code from an authentication app (like Duo Mobile or an RSA token). 2FA makes sure that even if a website storing your passwords in plain text gets hacked, the attackers will not be able to get access to your data, since they would have to go through an extra step to authenticate themselves.

Of course, taking an extra step to authenticate yourself is not very convenient, but given a choice between being extra cautious and having our data stolen by attackers, I would take the first option any day of the week.

 
