Skip to main content

Twitter security: physical security keys for staff; election protection measures

Twitter security made the headlines for all the wrong reasons back in July, when a major hack saw many high-profile accounts taken over to post a cryptocurrency scam. Affected accounts included Apple, Elon Musk, Joe Biden, and Barack Obama.

The company has now implemented a range of security measures in response, including physical security keys for two-factor authentication of staff with access to accounts …

Engadget reports.

As the company explains, some of its teams need access to user data to keep Twitter running. While it usually only grants them access for valid reasons, such as to help users who’ve been locked out of their accounts, it’s had to tighten its measures even further […]

As an additional measure, Twitter started distributing phishing-resistant security keys to its employees and requiring its teams around the world to use them. Google implemented the measure in 2017 to great success: A year after making it mandatory for employees to use physical security keys for two-factor authentication, the tech giant announced that it has “no reported or confirmed account takeovers” anymore.

Twitter required all new employees to go through security, privacy and data protection trainings, as well. Those who have access to non-public data had to attend additional mandatory training sessions on how they can avoid becoming phishing targets for attackers. The company also said that it’s been constantly improving its internal detection and monitoring tools that alert the company of possible unauthorized access attempts.

Twitter is also taking measures to reduce election-related disinformation being shared on its platform.

As for its election-specific efforts, Twitter said it recently implemented heightened security measures for election-related Twitter accounts in the US. A few days ago, it started sending them in-app notifications on new security requirements going forward, such as enabling password reset protection for accounts by default. It also conducted additional penetration testing and scenario planning over the past months. From March 1st to August 1st, for instance, its cross-functional elections team performed exercises on how to deal with hacks, leaks of stole materials, foreign interference and coordinated online voter suppression campaigns, among other scenarios.

The Verge notes that all users will also receive a reminder not to retweet links without actually reading them. You might think this would be obvious, but this is the Internet, and many read no further than the headline before they share or comment.

Twitter says it’s working on bringing its “read the article before you retweet it” prompt to all users “soon.” The company began testing the prompt in June, which shows up when people go to retweet a story they haven’t clicked through to actually read.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Ben Lovejoy Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!


Ben Lovejoy's favorite gear

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications