A cybersecurity reporter's plea
A version of this post titled “Twitter takeovers—a password plea” originally appeared in the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter.
Let’s recount: a celebrity, a hip-hop artist, a media magnate, a tech CEO, an activist, the NFL, Kylie Jenner—all these people (and sports leagues) have had their Twitter twtr accounts hacked in recent days.
The takeovers are moderately entertaining, at times. Like when Katy Perry—or rather, the person momentarily administering the songstress’ avatar—extends a digital olive branch to friend-turned-foe Taylor Swift. Or when Facebook fb chief Mark Zuckerberg—that is, the puppeteer controlling his account (otherwise silent since 2012)—boasts openly about having an abysmal password. These jolts to the system are, occasionally, welcome reprieves from the regular social media malaise. I’ll admit.
The hacks are also more than a little disconcerting. Without fail, they give rise to short-lived rants chock full of racial slurs, curse words, and gibberish. Equally distressing is the realization that people continue to leave their online selves vulnerable to attack. Reusing the same appalling password across any number of websites may as well be an invitation—calling all malefactors!—to take the stage at the world’s next Open Mic Night. The venue: your mouth.
The state of online security is generally terrible, I know. I empathize. Until that’s fixed, one has to be proactive. You already know what I’m going to say, yes. Password hygiene, password managers, password complexity, length, special characters—yada yada, dadada.
For more on hacking, watch:
You’ve heard the spiel before. But really, I implore you. Please. Do us this one solid. Do the world this one solid. Go and download that password manager. It won’t bite, really. Download that app and reset your passwords to the most uncrackable, indecipherable, alphanumeric gobbledygook the world has ever seen—a distinct one per account. Here are some options even: Dashlane, KeePass, LastPass, Keeper. Really, go ahead. Go!
Done? I hope so. Now for extra credit. To steel yourself against the most determined hackers, take this bonus step: activate two-factor authentication on your accounts. This highly advisable security feature sends a passcode to a device of your choosing that you’ll have to enter upon login. Most savvy websites offer this as a layer of defense. And yes, it’s worth the minor inconvenience to set up. (Overachievers, call your mobile carrier and lock your accounts with a PIN as well.)
If you’re not going to take this measure for you, at least do it, I propose, selfishly, on behalf of cybersecurity reporters. For they can only write so many “guess who’s been hacked today??” stories before losing their sanity. Have mercy.
Thank you for understanding, dear reader. Enjoy the weekend. I’ll be at a cabin in the Catskills. More news here.