How can Okta prevent highly coordinated attacks that impact verified Twitter accounts?
by: Social
Who was impacted?
On July 15, 2020, several verified Twitter accounts belonging to well-known people and companies, including Apple, Elon Musk, Bill Gates, Jeff Bezos, and Barack Obama, were compromised. The attackers used these accounts to post tweets soliciting donations in Bitcoin. One such tweet read: “We are giving back to our community. We support Bitcoin and we believe you should too. All Bitcoin sent to our address below will be sent back to you doubled.”
Because these companies and individuals have enormous reach, the tweets deceived people into sending more than $118,000 to the scammers within the first three hours of the attack. Bitcoin is popular with scammers because transfers are practically impossible to reverse, so the lost funds cannot be recovered.
Twitter then stated that verified accounts would be capable of tweeting until the issue was resolved, and it also disabled some account features, such as password reset requests.
How to secure your Twitter account
- Create a strong password
  - We have heard this many times before, but what is a strong password?
  - Here is an article on how to create a strong password
- Twitter's two-factor authentication
  - Check the boxes for the additional authentication methods you want to enable:
    - Text message
    - Authentication app
    - Security key
- Never let your browser save your password
How to Secure your Twitter account when using Okta
As an Okta user, your organization may restrict whether you have permission to add applications to your dashboard; some applications may simply be assigned to you. Either way, to secure your Twitter account using Okta, an administrator needs to configure the application with App Rules.
How to add App Rules in Okta
When signed in to Okta:
- Applications
- Locate or search for Twitter
- Sign On
Different rules can be applied. The first step is to name the rule.
- Rule Conditions consist of:
  - People
  - Location
  - Client (Devices)
- Access: even though Okta is known as a [__Single Sign On__](https://ironcovesolutions.com/expertise/single-sign-on-deployment "single sign on") service, you can always add additional authentication.
  - To add a more secure way to access your Twitter account, the recommended option is to __Prompt for Re-authentication__ for __Every sign on__.
- Make sure to click “__Save__”
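The rule above is configured in the Okta Admin UI. As an added example (not code from the original post or from Okta), the script below expresses the same intent, require a factor and prompt for it on every sign-on, as a rule object in the shape of Okta's org-level sign-on policy rule (policy type OKTA_SIGN_ON, rule type SIGN_ON), and audits a list of such rules for ones that allow access with a password alone or that reuse an earlier factor prompt. The org URL, API token, policy ID and group ID are placeholders, and the sample rules are constructed for the audit; whether the per-app rule from the UI exposes exactly this JSON is an assumption.

```python
import json
import urllib.request

# Added example, not the post's or Okta's own code. It assumes the shape of an
# Okta org-level sign-on policy rule (policy type OKTA_SIGN_ON, rule type SIGN_ON)
# to express the same intent as the per-app rule configured in the Admin UI.


def build_reauth_rule(name, group_ids):
    """Return a rule that requires MFA on every sign-on for the given groups."""
    return {
        "type": "SIGN_ON",
        "name": name,
        "conditions": {
            "people": {"groups": {"include": list(group_ids)}},
            "network": {"connection": "ANYWHERE"},
            "authContext": {"authType": "ANY"},
        },
        "actions": {
            "signon": {
                "access": "ALLOW",
                "requireFactor": True,
                # "SESSION" or "DEVICE" would reuse an earlier prompt; "ALWAYS" prompts each sign-on
                "factorPromptMode": "ALWAYS",
                "rememberDeviceByDefault": False,
            }
        },
    }


def audit_signon_rules(rules):
    """Flag ALLOW rules that skip the factor, reuse a prior prompt, or remember devices."""
    findings = []
    for rule in rules:
        signon = rule.get("actions", {}).get("signon", {})
        if signon.get("access") != "ALLOW":
            continue  # a DENY rule never grants access, nothing to flag
        if not signon.get("requireFactor"):
            findings.append((rule["name"], "allows sign-on with password only"))
        elif signon.get("factorPromptMode") != "ALWAYS":
            findings.append((rule["name"], "factor prompt reused across session or device"))
        if signon.get("rememberDeviceByDefault"):
            findings.append((rule["name"], "remembers device by default, weakening the re-prompt"))
    return findings


def post_rule(org_url, api_token, policy_id, rule):
    """Create the rule through the Policies API; all three identifiers are placeholders."""
    req = urllib.request.Request(
        f"{org_url}/api/v1/policies/{policy_id}/rules",
        data=json.dumps(rule).encode(),
        method="POST",
        headers={
            "Authorization": f"SSWS {api_token}",
            "Content-Type": "application/json",
            "Accept": "application/json",
        },
    )
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


# Constructed sample for the audit: one weak rule, one partial rule, one correct rule.
SAMPLE_RULES = [
    {"name": "Password only",
     "actions": {"signon": {"access": "ALLOW", "requireFactor": False}}},
    {"name": "MFA once per session",
     "actions": {"signon": {"access": "ALLOW", "requireFactor": True,
                            "factorPromptMode": "SESSION"}}},
    build_reauth_rule("Twitter re-auth every sign-on", ["00g_PLACEHOLDER_GROUP_ID"]),
]

if __name__ == "__main__":
    # Only the audit runs offline; post_rule is left for an administrator with real credentials.
    for rule_name, issue in audit_signon_rules(SAMPLE_RULES):
        print(f"{rule_name}: {issue}")
```

The audit treats `factorPromptMode` other than `ALWAYS` as a finding because the post's recommendation is re-authentication on every sign-on; a rule that prompts once per session would let a stolen session cookie reach Twitter without a second factor.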
Once the Application Rule is set up in Okta, attempting to sign in to that application routes you through an extra verification step. In this case, we use Okta Verify as our multi-factor authentication.
Choose “Send Push”, then answer the notification in your Okta Verify application with “Yes, It’s Me”.
This extra verification step lets you access your Twitter account with the best possible protection against being breached or hacked.
If you would like to learn more about Okta or how to get your organization started with Okta, give us a call 888-959-2825 and we would be happy to answer your questions.