
First, see these headlines and stories:
- TechCrunch: “In Our Inbox: Hundreds Of Confidential Twitter Documents”
- TechCrunch: “Twitter’s Financial Forecast Shows First Revenue In Q3, 1 billion users in 2013”
- TechCrunch: “Another Security Tip For Twitter: Don’t Use “Password” As Your Server Password”
- TechCrunch: “Twitter’s Internal Strategy Laid Bare: To Be ‘The Pulse Of The Planet’”
- NYT: “Twitter Hack Raises Flags on Security”
- Twitter Blog: “Twitter, Even More Open Than We Wanted”
- NEW 2009-7-19: TechCrunch: “The Anatomy Of The Twitter Attack” (blow-by-blow description and how-to manual)
- New 2009-12-18: TechCrunch: “The Anatomy of The Twitter Attack: Part II” (Twitter’s latest attack — DNS host compromised)
- New 2012-8-6: Wired: “How Apple and Amazon Security Flaws Led to My Epic Hacking”

Now, ask yourself this:
Is having (good) two-factor authentication (TFA) on its Google Apps and Gmail accounts something that Twitter would pay for? A GToken, perhaps, for each user?
Of course it is. And, to answer the begged question: Yes, TFA could have prevented this breach. NEW: See “The Anatomy Of The Twitter Attack” and consider what would have happened if Twitter had been using TFA (and it was required for password resets).
It’s the same with many other individuals and companies. In fact, if good TFA is easily accessible, it will become a requirement, not just the differentiator it is now. Companies that tell their customers, partners, investors, lenders, etc. that they use security best practices will have to use TFA.