Earlier this year, Twitter Inc. advised its 336 million users to change their passwords after discovering a hashing bug that could potentially have exposed user passwords. Twitter noted that there was no evidence that anyone had accessed or stolen the data, but when there is a chance of password exposure, there is always reason for concern. Hashed passwords are transformations of the original password. Passwords are hashed because hashing is fast. Of course, storing valuable data such as a user’s password in plain text makes it easily readable and accessible, while hashed passwords are theoretically protected and impossible to read. Yet somehow, due to an unexpected bug, Twitter user passwords were stored unencrypted and unhashed, in plain text. “We recently identified a bug that stored passwords unmasked in an internal log,” Twitter Chief Technology Officer Parag Agrawal wrote on the official Twitter blog. “We have fixed the bug, and our investigation shows no indication of breach or misuse by anyone. Out of an abundance of caution, we ask that you consider changing your password on all services where you’ve used this password.”

We need to make sure our data is safe in the cloud. Perimeter defenses are useful, but not enough to keep attackers, let alone malicious insiders, at bay. Recent history tells us that administrative errors, programming “bugs” (such as Twitter’s) and misconfigurations will happen, insider threats and cyberattackers will breach cloud security, and many more threats will compromise security. In order to meet this variety of threats, online SaaS services such as Twitter will benefit from a Zero Trust assumption. Zero Trust is a cyberdefense strategy that tells us that all networks and their resources are to be considered unsafe and that at some point they will be successfully compromised.
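As an added illustration of the contrast the post draws (this is example code, not Twitter's or CipherCloud's), the following Python stores passwords only as salted, slow hashes and installs a logging filter that masks password values before a record reaches an internal log; the field pattern, the work factor and the sample log lines are assumptions constructed for the example.

```python
import hashlib
import hmac
import logging
import os
import re

# Constructed work factor and salt size; tune the round count to the deployment.
_SALT_BYTES = 16
_PBKDF2_ROUNDS = 210_000


def hash_password(password: str) -> str:
    """Return 'pbkdf2_sha256$rounds$salthex$hashhex' for storage (never the password)."""
    salt = os.urandom(_SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, _PBKDF2_ROUNDS)
    return f"pbkdf2_sha256${_PBKDF2_ROUNDS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    algo, rounds, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(rounds)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


# Assumed shape of a password field in log text: key=value or JSON-style "key": "value".
_PASSWORD_FIELD = re.compile(r'("?password"?\s*[:=]\s*"?)([^",\s]+)', re.IGNORECASE)


def mask_passwords(message: str) -> str:
    """Replace the value of any password field with a fixed mask."""
    return _PASSWORD_FIELD.sub(r"\1***", message)


class PasswordMaskingFilter(logging.Filter):
    """Logging filter that masks password values before the record is emitted."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = mask_passwords(record.getMessage())
        record.args = ()  # message is already fully formatted
        return True


if __name__ == "__main__":
    stored = hash_password("correct horse battery staple")
    print(verify_password("correct horse battery staple", stored))  # True
    logging.basicConfig(level=logging.INFO)
    log = logging.getLogger("login")
    log.addFilter(PasswordMaskingFilter())
    log.info("login attempt user=alice password=hunter2")  # emitted as password=***
```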
With Zero Trust at top of mind, 2-factor authentication has emerged as one of the best practices for accessing systems of any type, as it protects the user even when their password is compromised. There are rare exceptions where 2-factor authentication can be compromised, but, in general, the use of 2-factor authentication is much better than relying on the confidentiality of a password alone. Robust end-to-end encryption, or Zero Trust encryption, is another best practice that brings strength and resiliency to the cloud. Zero Trust encrypts from the “edge” of the enterprise. This “edge” encryption ensures that all data in the cloud is constantly encrypted, whether in use, in transit, or in storage in the database. Edge encryption is a key feature of cloud access security brokers (CASB+), which bring strong visibility, data protection, threat protection, and powerful controls for compliance. Most online cloud-based services and their enterprise users are rapidly moving in this direction. Every online SaaS service and its users will benefit substantially from Zero Trust practices such as 2-factor authentication, end-to-end encryption, and the deployment of cloud access security brokers.
This is a Security Bloggers Network syndicated blog from CipherCloud CASB+ Platform | Enterprise Cloud Security authored by CipherCloud. Read the original post at: https://www.ciphercloud.com/blog/twitter-s-potential-password-exposure-could-zero-trust-help