Solutions for Big Business Twitter Breaches

Date: 2011-07-07 17:14:28

Ken Klein, Healthy Passwords

The 3rd Twitter password breach this week illustrates weakness in business Twitter use.

• July 4, 2011 - Fox News Twitter Account Hijacked

• July 5, 2011 - Paypal UK Twitter Account Hijacked

• July 7, 2011 - Hennepin Co. Library Twitter Account Hijacked

Twitter lacks delegate functionality. This forces businesses into insecure practices such as:

1. Account access by multiple individuals.

2. Using weak passwords so multiple individuals may remember them.

3. Infrequent password changes so no updater is locked out.

Until Twitter can address the problem, business account holders must take steps to protect their brand. Here are a few possibilities:

• Have account updaters create Lastpass accounts. Have one person create and change the password daily. That one person can share the password with the "delegates" through Lastpass, which allows the others to use the password without having to see the password. Lastpass offers multi-factor authentication, so this solution solves the problem on two fronts.

• Create one person, ideally a helpdesk manager role, responsible for daily password changes. Create a list of authorized users. When a user needs to update twitter, they will call the helpdesk or password keeper to get the password of the day.

• Limit updates to no more than three people, which is enough to cover a 24x7 rotation. Change the password daily or weekly.

Our business is passwords and we don't normally recommend password managers for highest risk accounts, but in this circumstance, LastPass uniquely meets all the requirements for a perfect stop-gap Business Twitter solution.

A Twitter breach to a large business like Fox News or Paypal may be more damaging than losing bank account passwords. It's time for management to recognize these risks and implement processes to prevent losses.

Category: Breach

Subcategory: Passwords