Step Right Up! Test Your Twitter Password!ShareThis
by Ron Daly
Yesterday, the Twitter account of the Associated Press was hacked and a misleading tweet was posted, claiming that the White House and the President had been attacked. This, of course, was not true. But the damage was. Oh, yes it was. The stock market dipped ferociously, then self-corrected when it was determined that the claim was false. Twitter went crazy; first, with fear, then with ridicule of the AP, an organization that is assuredly licking its wounds as of this writing.
Now, let's abstract this. What if it were your CU's Twitter account? What if someone "hacked" that account (we'll get to the term "hacked" in a minute), and sent a message to all your followers that told them your CU was going out of business, or that a branch had been robbed? Imagine the blow-back.
Luckily, there's a website to test the security of your Twitter password. It's called IsYourTwitterPasswordSecure.com. Try it out! Go on, I'll wait. Come back when you're done.
I'm betting you just saw one of these:
Now, we can't be sure that anyone at the AP put their password somewhere they shouldn't have. But this website is giving a strong piece of advice, given with a strong hand. Be suspicious of ANY SITE that asks for your user name and password to ANOTHER SERVICE. Twitter, Facebook, LinkedIn, and other social sites have protocols for dealing with authorization. As a user, you can grant and revoke access to devices, web services and even between other social services as you please.
I'm not sure how the AP managed their Twitter account, but I have to wonder - who made password decisions? How often were those passwords changed? How were notices of change made to the people with access? These are all important considerations.
And if it's as simple as a password guess, why wasn't someone insisting that the passwords get stronger? There's a big difference between "being hacked" and setting all your passwords to be "password". It's the same as locking your door and etching on the doorknob "the key's under the mat, don't worry about it."
These are the kinds of things that credit unions should care about and should teach members. Yes, I'm serious. Members might not be aware of phishing attempts, of proper password construction, or of what your CU's policy is about asking for account information in an email, tweet, facebook message, or online on a website. You can't stop people from making a bad decision, but you can provide them with the right kind of insight that keeps them from doing something foolish...or blaming you for not telling them what to expect.
Maybe you shouldn't call a member an idiot...but you have to admit, the example above really sinks in.