The President of the United States clearly has a thing or two to learn about password security. Last week, Donald Trump's Twitter account was hacked by Dutch researcher Victor Gevers after he correctly guessed the President's password: "maga2020!"
Gevers guessed the correct passcode on his fifth attempt, and after gaining access, he had the President's 87.3 million followers at his disposal. If he had wanted to, Gevers could have tweeted, sent direct messages, changed Trump's username and profile, and followed or unfollowed other users. Instead of tampering with the President's Twitter account though, Gevers attempted to contact the White House, alerting them of the account's lack of security.
“So, he tries to warn others. Trump’s campaign team, his family. He sends messages via Twitter asking if someone will call Trump’s attention to the fact that his Twitter account is not safe. He tags the CIA, the White House, the FBI, Twitter themselves. No response,” reported the Dutch daily newspaper, De Volkskrant.
This security breach is particularly dangerous, given how frequently the President uses Twitter as a way to directly speak with the public. Some have even called his time in office the "Twitter presidency." The President also breaks news on the social media platform. For example, earlier this month, Trump announced an end to COVID-19 stimulus talks through a series of tweets. He later backpedaled from his original tweet.
In addition to Trump's easy-to-guess password, Gevers noticed that the account did not have two-step verification in place, a recommended security measure that requires access to another approved device in order to log in. Additionally, after four failed password guesses, Gevers was not locked out of the account, or prompted for further information, as he had anticipated.
But eventually, someone at the White House apparently received Gevers's messages. The day after he guessed the password, the researcher noticed two-step verification was enabled on the account. According to De Volkskrant, two days later, the Secret Service contacted Gevers and thanked him for bringing the problem to their attention.
Trump does not have a great history with password choices. Gevers and two others previously guessed the President's Twitter password in 2016. It was "yourefired," a reference to Trump's catchphrase on The Apprentice.
Want to keep your account more secure than the President's? Keep reading.
Create a stronger password.
Consumer Reports offers a number of suggestions regarding password selection and safety. Here are some of the major takeaways.
The longer, the better.
Your password should be at least 12 characters, if not more. Also, try adding numbers and special characters (think *!?&).
Use a phrase only you know.
The best passwords are a string of words or a phrase only you know. Don’t include your name, birthday, or other personal details—or those of any other member of your family. And, this should go without saying, don't have the password be "password" or some variation on that.
Try not to reuse passwords.
While it might be difficult to remember so many long passwords, it's important to vary them. If a hacker breaches one of your accounts, you don't want to give them access to everything. Write down your passwords, keep them in a safe spot, and be careful about who you share them with.
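The rules above can be applied as a local check, for example before saving a new password. This Python code is an added example, not part of the original article; the function names, the small deny-list and the personal terms passed in are constructed for illustration.

```python
import re

MIN_LENGTH = 12  # minimum length recommended in the article
# Constructed sample deny-list; a real one would hold many more entries.
COMMON_WORDS = {"password", "qwerty", "letmein"}
# Common character substitutions, undone before matching.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def variants(text):
    """Return normalized forms of text used for substring matching."""
    lower = text.lower()
    alnum = re.sub(r"[^a-z0-9]", "", lower)      # digits kept, symbols dropped
    letters = re.sub(r"[^a-z]", "", lower)       # trailing years and symbols dropped
    deleet = re.sub(r"[^a-z]", "", lower.translate(LEET))  # p@ssw0rd -> password
    return {alnum, letters, deleet}


def screen_password(password, personal_terms=(), other_passwords=()):
    """Return a list of reasons to reject password (empty list = accept)."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    forms = variants(password)
    for term in sorted(COMMON_WORDS):
        if any(term in form for form in forms):
            reasons.append(f"contains common word '{term}'")
    for term in personal_terms:
        needle = re.sub(r"[^a-z0-9]", "", term.lower())
        # Ignore very short terms to avoid accidental matches.
        if len(needle) >= 3 and any(needle in form for form in forms):
            reasons.append(f"contains personal term '{term}'")
    if password in other_passwords:
        reasons.append("already used on another account")
    return reasons


if __name__ == "__main__":
    # Constructed inputs: the two passwords named in the article, checked
    # against terms publicly associated with the account owner.
    terms = ["MAGA", "You're fired"]
    for candidate in ["maga2020!", "yourefired", "P@ssw0rd-P@ssw0rd!"]:
        print(candidate, "->", screen_password(candidate, terms))
```

Adding numbers and symbols to a guessable word does not help: both passwords from the article fail on length and on the personal-term check, and a long password built from a disguised common word is still rejected.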
Use two-factor authentication.
The Trump team's biggest problem? A lack of two-factor authentication. With 2FA, even if someone guesses your passcode, they can't get into your accounts unless they have access to another one of your devices. 2FA comes in the form of a texted code to your cell phone, an app, or physical security keys inserted into a computer. Whichever you choose, you're better off than with nothing.