
X seems to get less secure every day. Here’s how to lock down your account


Welcome again to Your Password Sucks, the Daily Dot newsletter that answers all your internet security-related questions.

Today, we’re going to tell you how to make sure that your security and privacy settings on X are where they need to be.

If you’re still using X, you’ve likely noticed how far the once loved platform has fallen since Elon Musk’s takeover.

Your DMs are undoubtedly filled with spam. Your timeline is almost certainly being bombarded with crypto scams and misinformation.

Maybe, like me, you need to stay on X for work or other reasons. Maybe you’re determined to go down with the ship. Or perhaps, you think X can be salvaged.

Regardless, the number of scams and hacks on X in recent weeks has been concerning. As covered by the Daily Dot last week, a crypto scam allowed hackers to make posts on high-profile accounts without even needing to steal their login credentials.

All you had to do was click a fake Google Calendar invite sent to your DMs by hackers posing as journalists, and next thing you know, your account is sending out posts about some scammy crypto coin.

How to increase security on your X account 

The attack worked because the link actually led to a malicious third-party app run by the scammers that granted itself permissions to post on your behalf. So for starters, let’s check that there aren’t any unauthorized apps with access to your account.

To do so, simply go to “Settings and privacy,” select “Security and account access,” find “Apps and sessions,” and check “Connected apps.” If you see any app you don’t recognize or no longer use, remove it.

As for other steps you can take, the obvious one is to use a password manager to create and store a strong and unique password for X. Next, make sure two-factor authentication (2FA) is enabled.

To do this, go to “Settings and privacy,” select “Security and account access,” choose “Security” and “Two-factor authentication.”

An important note: Using 2FA is better than no 2FA. That being said, not all 2FA is the same.

Text-based 2FA, which sends you a code to type into X after entering your password, is good. But depending on the threats you face, it can be compromised if your phone and phone number are hijacked, although the average person is unlikely to be targeted this way.

The second and better option is to use an authentication app. This app, usually on your phone, generates codes for 2FA. But the best option is a security token, like a YubiKey, which requires you to plug a USB-like device into your computer to gain access to your account.

After that, generate some backup codes. These are available in the same menu as 2FA. These can be used in case you lose access to your normal 2FA option.

Remember, the attack we mentioned above doesn’t need your password or a 2FA code to post as you. So always be wary of any links sent over DM, especially from accounts you don’t recognize.

From there, you can go back to “Security and account access” and check out the “Connected accounts” section to see if you’ve ever connected any other social accounts to your X account to log in. If you see other accounts listed that you don’t need anymore, remove them as well.

And of course, if you want to avoid shady scammers on X as much as possible, you can simply go back to “Privacy and safety” and choose “Direct Messages.” There, you can choose whether anyone can send you a DM, only verified users can, or no one can at all.

These steps, as well as some perseverance, can keep you safe from many of the sophisticated crypto scams on X right now.



The post X seems to get less secure every day. Here’s how to lock down your account appeared first on The Daily Dot.


