We, Indians, have a blockage in our heart and mind about security and privacy. Many of us do not understand, or even want to know, the difference between security/privacy and transparency. If you ask someone about securing their online presence, the answer you are likely to receive is: “I have nothing to hide, so why should I bother?” From the security perspective, I would say this is absurd; at the very least, it is an invitation to danger or hacking.
On waking up one morning, I saw an SMS delivered at 11.30 in the night, giving me the one-time passcode (OTP) for changing my password for one of my social media accounts. I was shocked and relieved. Shocked because someone tried to access my account, and relieved because I use second factor authentication (2FA); hence, the person was not successful in his mission. Of course, I change my password often. However, despite using a somewhat robust password, somebody made me go through this exercise.
According to a report from digital rights group Access Now, several activists and journalists are falling victim to a devious new account hack known as ‘DoubleSwitch’. Hackers using DoubleSwitch first gain control of accounts that do not have 2FA and then change the account information, including the username. For example, if your Twitter handle is @xyz123, the hacker will change it to, say, @dummy_xyz123, using your own profile picture and display name, and then replace your email ID. Next, he will create another account using your original handle, @xyz123, with his email ID. This way, you not only lose your username, but any effort to retrieve your account also fails (since the registered email ID would be the hacker’s and not yours). And, since you do not have 2FA, there is not even a second line of defence for you.
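The sequence described above (handle change, email replacement, then a new account registered on the freed handle) leaves a recognisable trail in account audit data. The following detection sketch is an added example, not part of the original article or of Access Now's report; the event types, field names and the 24-hour window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(hours=24)  # assumed correlation window, tune per platform

# Constructed audit events; event types and field names are hypothetical.
EVENTS = [
    {"ts": "2024-01-05T23:32:00", "account": 101, "type": "handle_changed",
     "old": "xyz123", "new": "dummy_xyz123"},
    {"ts": "2024-01-05T23:33:00", "account": 101, "type": "email_changed"},
    {"ts": "2024-01-05T23:40:00", "account": 202, "type": "account_created",
     "handle": "xyz123"},
    # Benign rename: nobody re-registers the old handle, email unchanged.
    {"ts": "2024-01-06T09:00:00", "account": 303, "type": "handle_changed",
     "old": "alice", "new": "alice_writes"},
]

def find_double_switch(events, window=WINDOW):
    """Return one finding per rename that matches the DoubleSwitch pattern."""
    evs = [dict(e, ts=datetime.fromisoformat(e["ts"])) for e in events]
    findings = []
    for rename in (e for e in evs if e["type"] == "handle_changed"):
        start, victim = rename["ts"], rename["account"]
        # Signal 1: the same account's email was replaced around the rename.
        email_swapped = any(
            e["type"] == "email_changed" and e["account"] == victim
            and abs(e["ts"] - start) <= window
            for e in evs)
        # Signal 2: a different account claimed the freed handle soon after.
        claimers = [
            e["account"] for e in evs
            if e["type"] == "account_created" and e["account"] != victim
            and e["handle"].lower() == rename["old"].lower()
            and start <= e["ts"] <= start + window]
        if email_swapped and claimers:
            findings.append({"victim_account": victim,
                             "original_handle": rename["old"],
                             "renamed_to": rename["new"],
                             "claimed_by": claimers})
    return findings

if __name__ == "__main__":
    for f in find_double_switch(EVENTS):
        print(f)
```

Requiring both signals keeps an ordinary rename, such as account 303 in the sample, from being flagged.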
I have been writing about using multi-factor authentication for financial transactions. However, the time has now come to apply this for our social media presence as well. One of the reasons is that, the world over, the social media presence of an individual is being screened or monitored for several things, including (but not limited to) hiring for a job. Even lenders are using social media for, well... not for granting a loan, but for recovery purposes. This is happening in India too. In this scenario, it is only imperative that we follow multi-factor authentication for our social media accounts as well.
Here is how you can activate 2FA for your social media accounts.
On Twitter, go to ‘Settings and privacy’ and to ‘Security’ under Accounts. Here, select login verification request and password reset parameters. Do not forget to update your email ID and mobile number.
For Facebook, you need to go to ‘Security and login’ under ‘Settings’. There is a tab, ‘Setting up extra security’. Here, open the ‘edit’ tab for each option and select the settings to turn on ‘Get alerts’ about unrecognised logins and to use two-factor authentication. Facebook also allows you to retrieve your account with help from three to five of your friends. These trusted friends can send a code and URL to help you log in. But use this feature only when you know these people in person and are sure about their reliability and dependability.
Another important networking site is LinkedIn. Here, under ‘Settings’, you need to go to ‘Privacy’ and then to ‘Security’. Turn on the two-step verification. You will receive a code on your registered mobile number, which you can use to activate this feature. Other social media platforms also have a similar feature to enable multi-factor authentication. It would be under Settings and, generally, under privacy or security. Do opt for this today, to avoid mishaps in the future.