
Mar 19, 2010

Is Twitter tweeting without your knowledge?

So there has been an ongoing issue with people's Twitter accounts posting various things without their knowledge - usually advertising links ("I lost 20 lbs in two weeks, click here to find out how!"). As usual, NEVER EVER CLICK THE LINKS! I cannot stress that enough - chances are it will take you to a site that will try to install malware on your computer without your knowledge, or will ask you for some sort of login credentials.

So what do you do if this happens to your account? Follow these simple steps:
1) Log in to your account on Twitter.com
2) Click "Settings"

3) Click "Connections"

4) Revoke access to everything listed here unless you are 100% sure you want it to have access to your account.

5) Click "Password"

6) Change your password - choose a complex password!

7) As a courtesy to your followers, send a quick tweet letting them know NOT to click on the links you had sent out.

Always be aware of which sites and applications are asking you to log in with your Twitter username and password - be very clear on why that site wants it and what it will do. The only authorized connection I have is TwitterFeed - this service will automatically post a pre-formatted tweet when I have updated this blog. When the Shorty Awards were happening, I granted them access for a day or so, and then revoked it. Sometimes you may not realize that you have granted access to your Twitter feed - go in every once in a while and see what is listed under Connections.

Sep 14, 2009

Info Security Basics: Complex Passwords

I will soon be teaching a bunch of “Information Security Basics” courses at work, and that gave me the idea for a few blog posts.

So children, today we will learn about Complex Passwords!

Passwords – they are everywhere! Love ’em or hate ’em, you probably use them often, if not daily. Passwords are one of the most basic types of authentication used – your basic Who You Are (user id) combined with What You Know (password).

Do your best to NOT use the same password for everything – your online banking password should not be the same as your Facebook login password. Ideally every password you use should be unique, but realistically that would be a nightmare to maintain – but do the best you can. I tend to group in terms of importance/risk:

1) High (e.g. banking) – unique, very complex passwords
2) Medium (e.g. Facebook, Twitter) – unique-ish, complex passwords
3) Low (e.g. web forums) – I have a few passwords I tend to use

Also, don’t use common words or proper names of people/pets. Common words are easily guessed using a dictionary attack, and proper names are easily guessed by doing a bit of research on people.

Most websites give you a “forgot your password?” link if you are having problems. Be careful of the standard security questions they use – the answers tend to be common things that are easily guessed or researched. You know those online quizzes and Facebook “25 things you didn’t know about me” type things? Did you know the name of my first pet was Snowball? Oddly enough that’s also one of the common security questions used when you forget your password!

Basic Rules for Complex Passwords:
  • Minimum of 8 characters
  • Use both upper (A to Z) and lower case (a to z) letters
  • Use numbers (0 to 9)
  • Use at least ONE symbol (e.g. , ! $ & % #)
One of the most common complaints about complex passwords is that they are hard to remember. A good suggestion is to use the first letters from an 8 word (or more) sentence or catch phrase, replacing some letters with numbers or symbols:

“We work hard so you don’t have to” becomes WwH$ydh2

Oh, and one other thing: please don't write your password on the underside of your keyboard, or on a sticky note by your monitor, etc! That sort of thing really makes that vein in my forehead throb...
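
The basic rules and the first-letters trick from this post can be checked mechanically. The sketch below is an added example, not code from the original post: it tests a password against the four rules plus the "no common words or proper names" advice. The word list is a small constructed sample, the look-alike table is an assumption that goes slightly beyond the post, and any character that is not a letter, digit or space is counted as a symbol.

```python
import re

MIN_LENGTH = 8
# Constructed sample list (assumption): stands in for a real dictionary plus
# names an attacker could research, such as a pet's name from a quiz answer.
GUESSABLE = {"password", "snowball", "welcome", "twitter"}
# Common look-alike substitutions undone before the word check (assumption).
LOOKALIKES = str.maketrans("@0$13", "aosle")


def first_letters(sentence):
    """Initial letter of each word, the raw material for the mnemonic."""
    return "".join(word[0] for word in sentence.split())


def check_password(password, guessable=GUESSABLE):
    """Return the list of rules the password breaks (empty list = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if not any(c.isupper() for c in password):
        problems.append("no upper case letter")
    if not any(c.islower() for c in password):
        problems.append("no lower case letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    # Anything that is not a letter, digit or whitespace counts as a symbol.
    if not any(not c.isalnum() and not c.isspace() for c in password):
        problems.append("no symbol")
    # Word check: undo look-alike swaps, keep letters only, search for words.
    letters = re.sub(r"[^a-z]", "", password.lower().translate(LOOKALIKES))
    for word in sorted(guessable):
        if word in letters:
            problems.append(f"contains guessable word '{word}'")
    return problems


if __name__ == "__main__":
    raw = first_letters("We work hard so you don't have to")
    for candidate in (raw, "WwH$ydh2", "Snowball1!", "P@ssw0rd"):
        print(f"{candidate!r}: {check_password(candidate) or 'passes'}")
```

The raw initials fail until some letters are swapped for a number and a symbol, while "Snowball1!" satisfies all four character rules and is still caught by the word check.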