CNET News - Twitter's advice to media after high-profile hacks
2013-04-30
Hello and welcome to Inside Scoop. I'm Sumi Das, and joining me is Seth Rosenblatt. Thanks for being with us.

Thanks for having me again.

He's senior writer for CNET, and today we're talking about Twitter and these high-profile hacks that have happened recently. AP News got hacked, CBS got hacked...

Our gainful employment.

Exactly, that hits close to home. And now Twitter has released this memo. It happened on Monday. Tell us what this memo said.

Basically it said to companies, "You're responsible for your own passwords, good luck."

But, but some good advice in this memo, right?

Basically it was sent to journalists and people that might be targeted in the future. Twitter has had a problem with spear phishing.

So explain what spear phishing is, first of all.

So spear phishing are phishing attacks that are directed at specific people using information that they are likely to recognize as familiar, so that they are basically more susceptible to the phishing attempt, which is where they enter in their password or other authentication information into a website that looks real but in fact is there just to steal their information.

Okay, so what should people be doing with their passwords? What, what constitutes a strong one, what constitutes a weak one? We, we get this advice all the time, but it, we did, like, it will... it's a big deal.

Traditionally people think of having one-word passwords with a lot of funny characters in them, pound signs and dollar signs and percent signs, and that's no good. Capitals and numbers and things like that, they're actually very hard to remember, yes, and not only that, and which is actually much worse, they're very easy for machine logic to guess. The way to do it actually is to go in the other direction: choose a password that's easy for you to remember, a bit harder for a machine to guess. And one of the best ways to do that is to choose a multi-word password that uses spaces. It's less important, although it's helpful, to have funny characters in there, but if you have four random words as your password, that's really the best way to go.

And you're saying you can use spaces in your passwords? This is actually information and news to me, you know. So that's acceptable for Twitter? You can put spaces in your...

Twitter supports it, Facebook supports it, Google supports it. I don't believe that Microsoft does, but Microsoft does support two-factor authentication, which a lot of other services also support.

And what is Twitter doing? I mean, besides saying create stronger passwords and change your passwords, what... they're actually doing some, taking some security measures on their end too?

They are, they are apparently working on two-factor authentication.

So noisy big step, yeah. Let's, let's explain what that is.

Sure. So two... two-factor authentication, or 2FA as it's called, involves using two of three different kinds of information to authenticate that you are who you say you are when you're logging in.

OK.

There's a knowledge component, so that can be a password or a pattern or a PIN number. There's a, a physical component, an ATM card or a smart card of some kind. Or there can be a biometric component, such as a fingerprint.

OK, and Twitter doesn't have this yet. Do we know when it's coming?

We don't.

OK.

There are a lot of services that do offer it: Google has it, Facebook has it, Amazon Web Services has it, Dropbox has it, Microsoft has it with Hotmail, Yahoo uses it. There's a lot of high-profile services that do use 2FA, which is great. However, 2FA is still susceptible to spear phishing, which is the kind of phishing that's been used in the past to get people's Twitter account passwords, and at the end of the day there is no such thing as a one hundred percent secure authentication method.

If you're not a member of the media, you're not a journalist, should you be worried about these sort of spear phishing attacks?

I think you should be concerned. I think it's always important for people to remain vigilant about opening emails. It's less of a concern now with attachments, when everyone's using webmail. It's much more important that when you look at an email, you know, you're taking a look at who it's coming from, the domain of where it's coming from. The link: if you click on a link, before you do, take a look at it, see where it's going. If it says something like big net or something weird and you're looking for your Bank of America document, then you've got a problem and you probably should just delete the email.

Right, okay. All right, so in the meantime we'll just keep watching for Twitter to release that two-factor authentication.

Absolutely.

Seth, thank you so much.

Thanks a lot.

For Inside Scoop, I'm Sumi Das. Thanks for watching.