Last week, Dutch security researcher Victor Gevers managed to log into the Twitter account of one of the platform's most famous users, none other than Donald J. Trump. After Gevers alerted American officials, the Secret Service reportedly reached out to him for more information, and two-factor authentication was quietly enabled on the account. That Trump's account didn't have two-factor enabled is bad enough, but it also took Gevers only five tries to guess the password, which was "maga2020!", of course.
"I expected to be blocked after four failed attempts. Or at least would be asked to provide additional information," Gevers said in an interview with Dutch newspaper De Volkskrant. From there he had the ability to tweet anything he wanted to Trump's followers or download the President's private messages if he so wished.
Although neither Twitter nor the White House has confirmed the breach, another security expert who reviewed the evidence indicated that the claim appears credible.
The discovery comes just a day after the F.B.I. said that Russia and Iran have attempted to digitally influence the 2020 election. One erratic tweet from Trump's account could potentially move markets or start a war. But then again, the bar for "crazy" when it comes to POTUS's Twitter output is pretty low. So low it'd be hard to identify fake tweets in between the legitimate ones.
Twitter should do more – It's incredible but not surprising that Trump's account was so easy to break into. Despite being prolific on Twitter, he's never been what you'd call tech-savvy. The president for the longest time used an old, unsecured Android phone for all his tweeting despite concerns from security experts. He's now said to use an iPhone.
Making matters worse, though, is that this isn't even the first time Gevers has broken into Trump's account. It happened just before the 2016 election too, when Trump was a mere reality star and failed businessman and posed less of a threat to the geopolitical landscape. It goes to show how even prominent targets for hacking will ignore basic security advice in favor of convenience. Despite the myriad security breaches that happen online these days, the number of people who actually enable two-factor authentication online remains limited.
"Trump is over 70 – elderly people often switch off two-step verification because they find it too complicated," said Gevers. Which is one theory. We're going to go with the President's repeated displays that he's foolish, lazy, and prone to feeling invincible, as the likely reason ourselves. But then, we're not as diplomatic as the average Dutch person.
Has Twitter learned nothing? — Twitter isn't totally without blame here — the company should be trying to protect users from themselves by requiring a more complicated password at the minimum, and making two-factor authentication for all verified accounts obligatory. Especially after teenage hackers managed to infiltrate Twitter's internal systems and take over dozens of high-profile accounts.