For the past few days, Twitter users have been receiving emails from Twitter pertaining to password resets or hack attempts on their Twitter accounts.
The discovery over the past few weeks of a brute-force attack on the Twitter login page, together with Twitter's inability to provide any sort of blocking for failed login attempts, has only added to the woes of Twitter users.
This is a basic security flaw for which only Twitter has the solution. Twitter, as a matter of fact, allows a large number of failed login attempts from a single IP, and hackers have found a way to circumvent this IP block by changing their IP addresses through various methods.
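Why a per-IP block alone does not stop this, shown as an added example (not Twitter's code): a failed-login throttle keyed by source IP is compared with one that is also keyed by the targeted account. The class name, the limits (5 failures per 15 minutes), the account name and the documentation-range IP addresses are all assumptions made for the illustration.

```python
from collections import defaultdict, deque

class LoginThrottle:
    """Sliding-window limiter for failed logins, keyed by source IP and by account."""

    def __init__(self, max_per_ip=5, max_per_account=5, window=900):
        self.max_per_ip = max_per_ip
        self.max_per_account = max_per_account  # float("inf") disables the account key
        self.window = window                    # seconds a failure stays counted
        self._by_ip = defaultdict(deque)
        self._by_account = defaultdict(deque)

    def _recent(self, q, now):
        # Drop failures older than the window, then count what is left.
        while q and now - q[0] >= self.window:
            q.popleft()
        return len(q)

    def is_blocked(self, ip, account, now):
        return (self._recent(self._by_ip[ip], now) >= self.max_per_ip
                or self._recent(self._by_account[account], now) >= self.max_per_account)

    def record_failure(self, ip, account, now):
        self._by_ip[ip].append(now)
        self._by_account[account].append(now)


def guesses_reaching_password_check(throttle, attempts):
    """Replay failed logins (ip, account, timestamp); count those not throttled."""
    reached = 0
    for ip, account, now in attempts:
        if not throttle.is_blocked(ip, account, now):
            reached += 1
            throttle.record_failure(ip, account, now)
    return reached


# Constructed sample: 100 wrong guesses for one account, one per second.
SAME_IP = [("203.0.113.7", "alice", t) for t in range(100)]
ROTATING_IP = [(f"198.51.100.{t + 1}", "alice", t) for t in range(100)]

if __name__ == "__main__":
    ip_only = lambda: LoginThrottle(max_per_account=float("inf"))
    print("IP-only, same IP:     ", guesses_reaching_password_check(ip_only(), SAME_IP))
    print("IP-only, rotating IPs:", guesses_reaching_password_check(ip_only(), ROTATING_IP))
    print("IP+account, rotating: ", guesses_reaching_password_check(LoginThrottle(), ROTATING_IP))
```

Per-account throttling lets anyone who knows a username delay that user's logins, so it is usually paired with a CAPTCHA or a progressive delay rather than a hard lock.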
A brute-force attack, as we all know, relies on dictionary-based attacks, which require a word list of commonly used words.
Hence, it is advisable for Twitter users to keep strong passwords of their choice, or they may use http://strongpasswordgenerator.com/ to generate one for them. Since these generated passwords are difficult to remember, one should be careful not to write them down, and should instead find a way to memorize them or use a password manager, which will encrypt their passwords.
On a personal note, it was a nightmare for security researchers like myself, as we have access to loads of online services, and one single breach leads us to change the passwords for all the services we have access to. Even though we do change passwords on a regular basis, reports like these are considered a “Nightmare”.
The second word of advice is to log in to your Twitter account and enable “Require personal information to reset my password”, found in the “Account” section of the “Settings”.
By default, you can initiate a password reset by entering only your @username. If you check this box, you will be prompted to enter your email address or phone number if you forget your password.
All those who use Twitter to connect with their families and friends should stay alert for any unauthorized attempts on their online persona. Recognize phishing attempts and always change your password to a stronger one on a daily/weekly/monthly basis.
I wish all my readers a Safe and a Secure Diwali.