As an additional measure, Twitter started distributing phishing-resistant security keys to its employees and requiring its teams around the world to use them. Google implemented the measure in 2017 to great success: A year after making it mandatory for employees to use physical security keys for two-factor authentication, the tech giant announced that it has “no reported or confirmed account takeovers” anymore.
Twitter required all new employees to go through security, privacy and data protection trainings, as well. Those who have access to non-public data had to attend additional mandatory training sessions on how they can avoid becoming phishing targets for attackers. The company also said that it’s been constantly improving its internal detection and monitoring tools that alert the company of possible unauthorized access attempts.
As for its election-specific efforts, Twitter said it recently implemented heightened security measures for election-related Twitter accounts in the US. A few days ago, it started sending them in-app notifications on new security requirements going forward, such as enabling password reset protection for accounts by default. It also conducted additional penetration testing and scenario planning over the past months. From March 1st to August 1st, for instance, its cross-functional elections team performed exercises on how to deal with hacks, leaks of stole materials, foreign interference and coordinated online voter suppression campaigns, among other scenarios.
As a closer to its post, Twitter promised to roll out improvements to its privacy settings in the near future:
“We are continuing to invest more in the teams, technology, and resources to support this critical work. We also know that we can do more to make it easier for you to find and use the settings and controls we offer, so we’re working on rolling out improvements to the design and navigation of our privacy settings. You’ll see these improvements in Twitter soon.”