Two-Factor Authentication for Social Media: Now, Tumblr!
Following in the footsteps of Twitter, LinkedIn, Facebook and Google, Tumblr has rolled out two-factor authentication for users of their micro-blogging platform to secure their logins, giving them the option to protect not only millions of critical cat GIFs but also many news organizations like The Atlantic, NPR and Newsweek.
You know how you need two keys to launch a nuclear missile? Two-factor authentication works like that. One key is your password, the other key is your cellular phone, and you need both to access your Tumblr Dashboard. - Staff.tumblr.com
We wrote about this in an earlier article, HootSuite and Buffer: Social Media Giants Enable Two-Factor, highlighting the importance of not only adding two-factor to social media accounts, but also to the services that manage multiple social media accounts, like HootSuite and Buffer.
As the AP’s Twitter breach and Microsoft’s Skype Twitter and blog breaches showed, attackers were able to access several corporate accounts and post false content. In the recent CNN breach, CNN’s HootSuite account was hacked via phishing emails, giving attackers access to several of CNN’s social media accounts, including the Facebook and Twitter accounts for CNN Politics and CNN Security Clearance.
Add two-factor authentication to your HootSuite account and secure multiple social media accounts:
[Hootsuite] currently lets users perform two-factor authentication through the usage of time-based one-time passwords (TOTP), which is an open standard that many other online services (such as Facebook and Amazon Web Services) leverage.
If a HootSuite user views their Settings page, they will note under Account->Security the ability to enable what HootSuite calls “2-Step Verification.” - Mark Stanislav, Security Evangelist, Duo Security
Tumblr also gives you the option of authenticating via a passcode texted to your phone, or with the help of a free authentication app. Here at Duo Security, our free app provides TOTP protection for your personal accounts, such as Google, Dropbox, Amazon Web Services (AWS) and more.
You can get started by signing up for a free Duo account, then downloading Duo Security’s free mobile app (Duo Mobile) for iPhone or Android. Follow the instructions to turn on two-factor authentication (sometimes called two-step verification) for your account. When you’re given a barcode to scan, open your Duo Mobile app and tap “+” to add a new account. Then scan the barcode and tap the key icon to generate your passcode.
While you can use TOTP to protect your personal accounts, what about your enterprise accounts? The Microsoft breach was the result of a phishing email that tricked users into entering their Office 365 credentials into a spoofed login page. Duo Security’s two-factor service also protects cloud-based enterprise accounts for entire organizations - check out Two-Factor Authentication for Cloud Apps for more on how to protect Salesforce, Office 365 and Box.