Twitter just agreed to settle Federal Trade Commission charges that it deceived consumers and put their privacy at risk by failing to safeguard their personal information. Full article here. This is the first case of its kind against a social networking service, and it should be a wake-up call to every provider of cloud-based services.
We cloud vendors all face the same challenges as Twitter. Our business consists of managing our customers' private or personal data. We use dozens of cloud applications to run our own businesses, and most of us have no business applications behind the firewall. The average cloud vendor juggles thousands of passwords every day, and the average user cannot remember a dozen strong passwords. Each of those passwords is a credential that, once phished or reused, is a door into customer data.
Here is what the FTC said Twitter failed to do to protect its users' data.
None of these precautions seems unreasonable from a security perspective. Yet people are creatures of habit: busy, forgetful, or simply without the tools that would help them behave securely. Once you have typed the same password a hundred times, it becomes a reflex, something you do uncritically whenever you see a password prompt, whether or not the page asking for it is the real one.
One of our customers recently ran an internal phishing test to see how many users would enter their password on a fake Google Apps login page. To everyone's surprise, 27 percent of the tested individuals did just that.
Eliminating passwords altogether, or using strong, random passwords, is the best way to avoid a Twitter-style security blunder, but leaving it up to each individual user is too much to ask. OneLogin lets you generate completely random, strong passwords and automates the login process, which has two big advantages. Users don't need to write down passwords, and since the passwords are impossible to remember, users have nothing to type into a fake login page, which takes away most of the leverage of a phishing attack. The one credential that remains a target is the login to the password store itself, so that is where the strongest protection belongs.