Security on the Internet is terrible. That’s always been true, but it’s wildly obvious these days. Right and left, people are losing their passwords, ending up in botnets, and some days it seems like you might as well post your bank details on Pastebin, just to get it over with.
Embarrassingly, a pro-Syrian government group called the Syrian Electronic Army took over the Twitter accounts of the Associated Press, FIFA, and even The Onion. After this, Twitter finally rolled out something called two-factor authentication to make its users more secure.
Website two-factor authentication works with something you know (a password) and something you have (a mobile phone). It’s not perfect, especially if you don’t have a phone or don’t want to connect one to your Twitter account. But if you can use it, you should. If you get tricked out of your password, someone still has to mug you for your phone before they can tweet names for human genitalia repeatedly from your work account. It’s available for Google, Dropbox, Yahoo, probably your bank, and many more.
The truth is, many companies don’t care about securing their customer data because they don’t have to care. If they get hacked, they are considered the victims, not you—no matter how badly they secure your information. In fact, until California passed a disclosure law 11 years ago, companies didn’t even have to tell you that your data was lost.
We have to demand better from software. But the first step is using what we have now—and turning on two-factor authentication for our accounts.