Latest massive Twitter password heist proves Microsoft anti-password stance is on point
33 million Twitter accounts have been compromised, which means, yours has been too.
The first symptom of someone hacking your Twitter account is a whole bunch of direct messages being sent, on your behalf, to your entire list of followers, containing all kinds of spam, from innocuous advertising messages, to links pointing to ransomware minefields from where yours and your follower’s computers will probably never return.
The blunt truth is: passwords are about as useful in keeping a user account secure, as a bank vault’s blast door made of plywood is half as good in protecting your money.
Twitter first introduced two-factor authentication, a security feature that works by generating a code necessary to login after typing the regular password, in 2013, as a measure to curb hacking. Since then, it’s unclear how many users have adopted the feature and enabled it on their phones. What matters is the fact that 33 million Twitter logins are now available for sale to anyone with enough Bitcoins.
Microsoft Windows Hello was introduced upon the first inception of Windows 10, as part of Microsoft’s “war on passwords”, which is the tech giant’s ongoing vow to eliminate passwords by replacing them with viable and more secure alternatives, including biometric detection, and also, two-steps authentication.
Biometric security has taken the spotlight since last year, when fingerprint readers have been making their appearance on Microsoft Surface Pro 4 Type covers, as well as on the Microsoft Surface Book, allowing consumers to log into Windows using their fingerprint.
Two-steps authentication is a feature that is more common on phone apps, but as it turns out, Microsoft has managed to enable it on desktop and laptop PCs as well, through an app that connects to the user’s Microsoft account, which is required to log into Windows 10.
Once two-step verification is enabled, every attempt to log into Windows 10 from an unknown location will trigger the Microsoft Account app, available to Android, iOS and Windows Phone users, which will ask to confirm the login attempt.
This is useful in case a Windows 10 PC is stolen, especially with encryption enabled. Whether you use Windows 10 Home edition or Pro, Windows 10 allows to encrypt the entire content of a hard drive, making it impossible for a hacker to extract any data from a stolen Windows 10 PC, without getting past Windows Hello, and the Microsoft Account app..