Several high profile Twitter accounts have been hacked lately, including The Associated Press and, apparently, The Onion (it’s a little hard to be sure.) Twitter still doesn’t have two-factor authentication, so they’ve taken to recommending a dedicated computer for tweeting.
Even with two-factor authentication, desktop and mobile apps such as Twitter’s own TweetDeck and Twitter for iOS would most likely still store credentials and be able to hijack a Twitter account without the second factor.
How should you secure a high profile Twitter account while still allowing your social media person to do their job?
- Use a randomly generated password for the Twitter account that’s not used anywhere else and is only written down on paper.
- Use a dedicated computer for any use of Twitter that involves typing in the password or using twitter.com. Secure that computer in every way possible. Make sure it can’t access any website except twitter.com.
- Only tweet through a custom, dedicated Twitter API app. Control access to that app carefully, with two-factor authentication, IP address restrictions, and, if it’s not too much hassle, two-person approval of every tweet. Encrypt the OAuth access tokens, the secret that authenticates the app with Twitter.
- How do you initially authenticate the app so it can obtain access tokens? Do so manually, by writing down the access token key and secret and typing it into the server hosting the dedicated app.
- It will still be possible to reset the password for the account through email. Guard the email account for the Twitter account very well, make sure the domain name cannot be hijacked, and that the email account is only ever accessed from the dedicated computer.
- Regenerate the access tokens periodically.
The security of the Twitter account now relies on being able to secure the dedicated Twitter computer, as well as the server hosting the dedicated app. The computer should be easy to secure: it will hardly ever be used and can be powered off most of the time. The dedicated app server is more difficult to secure, but you can implement two factor authentication on it and do all kinds of other tricks without requiring cooperation from Twitter.