06/12/2017

How Hackers Can Break Into Your Accounts

Without Your Password

In the wee hours of Wednesday morning, a host of prominent Twitter accounts were compromised and, as a result, began spouting swastika-laden propaganda in support of Turkey's president Recep Erdoğan ahead of a referendum next month which could consolidate his power. So yeah: Now's a good time to check your own accounts and make sure you close the backdoor that let this happen to other people.

These professional and verified accounts, including Duke University, Forbes, and Amnesty Inernational, were likely protected by pretty robust security measures such as two-factor authentication and strong passwords. Those are important precautions, and ones you should take, too. But that wasn't enough because hackers have another way: app permissions.

If you've ever logged into an app or service by using your Google/Facebook/Twitter account in lieu of creating a new username and password, you've opened up the app permissions hole. This feature is fine and good-it lets you worry about fewer passwords and sometimes is necessary for apps that work directly with your other account. But it's also a security liability.

read more