Enhancing social-media security
The Conversation: FCW's reporters and editors respond to your comments.
social media securityAgencies should use social media platforms that have proven security. For instance, at a bare minimum, use two-step verification beyond username and password to better protect account access.
Frank Konkel responds: Federal agencies currently use more than 60 different social media platforms in their dialog with the public, and usually those platforms are used following "fed-friendly" terms of service agreements in place. The General Services Administration usually facilitates those agreements, and while they are beneficial in reducing duplication and the time agencies would otherwise spend negotiating these deals, social media security isn't something that can be negotiated in them.
This is why GSA's recent guidelines telling agencies to shore up their social media accounts were important. Twitter, for instance, is internally exploring two-step verification (also called multifactor or two-factor authentication) beyond a user name and password. Various reports suggest Twitter's multifactor verification would require a user to use a password, plus have access to a device – likely a smart phone – through which a randomly generated code is sent that must also be keyed in.
It sounds promising, but Twitter has not rolled out anything publicly yet. That means for the time being, some of the government's largest social media accounts – many have millions of followers or "likes" on Facebook – are secured by the same methodology as the teen down the street.
Because of the high-profile social media hacks over the past few months, including the hack of Associated Press' Twitter account that briefly caused the Dow to dip, it is likely that federal agencies will be among the first customers to climb aboard the multifactor authentication train. Until then, though, common sense guidelines are agency's best bets at making sure someone doesn't take control of their social media accounts.