Discussion on: What are the major lessons from the Twitter hack?

Daniel Lo Nigro
  • There are rumors that some of their internal tools use a shared username and password posted in a Slack group. Please never, never do this. Always have separate credentials per user, or even better, use single sign-on for everything. Shared credentials are extremely risky, as you have no idea if ex-employees still have the credentials, and it's way too easy for the credentials to leak.
  • Always use two-factor auth for all your internal tools
  • Ensure tools have proper access permissions rather than granting every user access to everything
  • Use an IDS (Intrusion Detection System) to detect anomalies on your network
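To make the four points above concrete, here is an added example (written for this page, not code from the commenter or from Twitter) of how an internal support tool can enforce them: every login is an individual identity rather than a shared account, a 2FA check gates access, permissions come from a role rather than "everyone can do everything", and a simple anomaly rule over the audit log plays the role of an IDS. The user names, roles, actions and the alert threshold are constructed for illustration.

```python
"""Added example: per-user identities, a 2FA gate, role-based permissions and
an audit-log anomaly rule for a hypothetical internal support tool.
All names, roles and thresholds below are constructed for illustration."""
from collections import defaultdict
from dataclasses import dataclass, field

# Hypothetical roles for the tool. There is deliberately no shared
# "support" login: every action is tied to a named person.
ROLES = {
    "viewer": {"view_account"},
    "agent": {"view_account", "reset_email"},
}


@dataclass
class User:
    name: str
    role: str
    mfa_enrolled: bool
    active: bool = True


@dataclass
class Tool:
    users: dict = field(default_factory=dict)
    audit_log: list = field(default_factory=list)

    def add_user(self, name, role, mfa_enrolled):
        self.users[name] = User(name, role, mfa_enrolled)

    def revoke(self, name):
        # Offboarding disables one identity and nobody else; with a shared
        # password the only option would be to rotate it for everyone.
        self.users[name].active = False

    def authorize(self, name, action, target):
        """Return (allowed, reason). Records allowed actions in the audit log."""
        user = self.users.get(name)
        if user is None or not user.active:
            return False, "unknown or revoked user"
        if not user.mfa_enrolled:
            return False, "2FA required"
        if action not in ROLES.get(user.role, set()):
            return False, "permission denied"
        # Attribution only works because the actor is an individual.
        self.audit_log.append((name, action, target))
        return True, "ok"

    def flag_anomalies(self, action, threshold):
        """IDS-style rule: identities performing `action` more than `threshold`
        times. Returns the sorted list of offending user names."""
        counts = defaultdict(int)
        for actor, act, _target in self.audit_log:
            if act == action:
                counts[actor] += 1
        return sorted(u for u, n in counts.items() if n > threshold)


if __name__ == "__main__":
    tool = Tool()
    tool.add_user("alice", "agent", mfa_enrolled=True)
    tool.add_user("bob", "viewer", mfa_enrolled=True)
    print(tool.authorize("alice", "reset_email", "acct-1"))  # (True, 'ok')
    print(tool.authorize("bob", "reset_email", "acct-1"))    # (False, 'permission denied')
    tool.revoke("alice")
    print(tool.authorize("alice", "view_account", "acct-2"))  # (False, 'unknown or revoked user')
    print(tool.audit_log)
```

The anomaly rule is intentionally crude (a count over the whole log); a real IDS would window by time and baseline per user, but the point is that the rule can only name a person because the tool never accepts a shared login.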