A Dutch security researcher has said that he had gained access to Trump’s Twitter account by guessing the password. What was it, you ask? “maga2020!”. Yes, really.
Victor Gevers, a security expert, had access to Trump’s direct messages, could post tweets in his name and change his profile, de Volkskrant reported.
Gevers – who previously managed to log into Trump’s account in 2016 – gained access by guessing Trump’s password. Maga2020, a popular tag for Trump’s re-election campaign, was Gevers’ fifth attempt – and it worked.
“I expected to be blocked after four failed attempts. Or at least would be asked to provide additional information,” Gevers told de Volkskrant.
…Remarkably, it wasn’t the first time Gevers has gained access to the president’s Twitter account. In 2016 he and two others guessed Trump’s password, and got into his account.
Back then Trump’s password was “yourefired”, according to Vrij Nederland.
I find it hard to imagine that even Trump would use such an obvious password but with Trump, there seems to be no lower limit for incompetence.
Chris J says
Seems real. I tried out the combo, and it got to asking for an email and phone number to verify my identity. I don’t think twitter would do that if you got the combo wrong.
Chris J says
Seems real. I tried out the combo, and it got to asking for an email and phone number to verify my identity. I don’t think twitter would do that if you got the combo wrong.
Chris J says
Whoops, sorry about the double post! Mouse has been acting up.
Chris J says
Eh, actually, scratch that. I was trying a different password. Still, it doesn’t seem completely out of line. Politicians aren’t exactly known for their good security practices.
johnson catman says
Well, it would have to be something he could remember, or at least spell without having to look at a cheat sheet.
sqlrob says
I’ve seen other security guys verify the yourefired password on LinkedIn, so yeah, it could very well be that bad.
jrkrideau says
Let’s assume his bank PIN is 1234.
StonedRanger says
I hope this person had the good sense and common decency to unblock and unban all of the people on his blocked and banned list.
Marcus Ranum says
The code to “the football” from Reagan through Clinton was 012345678
I’d not be surprised if Trump’s password were stupid (I assume his IT people are the very worst) but systems like Twitter usually require additional steps to enable new devices, like a confirmation email or SMS. Easy enough for NSA or FSB to get through using a man in the middle attack but last time I checked one of them works for him, and he’s employed by the other.
When he got elected there was serious discussion with an eye to compromising the account to manipulate the stock market. The degree of backtrack that is available would make that very dangerous. Good plot for a thriller tho.
WMDKitty -- Survivor says
Marcus Ranum — Funny, I have the same code on my luggage…
Who Cares says
@jrkrideau(#7):
Your joke isn’t as much of a joke as you think it is.
1 in 10 four-number PINs are 1234
And I’m going to guess that this is real based on that the guy who reported this is the head of a vulnerability disclosure foundation which seems to be a project run/supported/financed by the Stichting Internet Domeinnaamregistratie Nederland (Netherlands Foundation for Internet Domain Names). So while it is a publicity stunt lying would be the end of his career and damage to the trustworthiness of that foundation.
flexilis says
@jrkrideau (#7) Knowing his bank PIN probably wouldn’t do me any good if his balance is negative.
lorn says
Sysops for university systems regularly scan the passwords used and, pretty much without exception, you find that the usual suspects get used again and again. Password= password, 12345678, abcdefg, qwertyui …
And it isn’t just the dumb people either. It seems to be part of human nature.
Of course a big problem is how security is handled. Allowing unlimited guessing at machine speeds makes even fairly complex passwords hackable. Inserting an exponentially growing time delay between guesses is good. Two seconds, four, eight, sixteen, thirty-two … humans would barely be inconvenienced. And even simple passwords would be more difficult to guess. But what the hell do I know.
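The two defences the thread keeps circling back to are the ones Gevers expected and lorn describes: a delay that doubles after every failed guess (2, 4, 8, 16, 32 seconds), and a step-up check (extra verification) once an account has seen a few failures, so a correct guess on the fifth try is not enough on its own. The following is an added example, not code from this post, its commenters, or Twitter; the credential store, the salt, the four-failure threshold and the two-second base delay are all constructed for the demo, and the clock is injectable so the backoff can be exercised without actually sleeping.

```python
"""Per-account login throttle: exponential backoff plus step-up after repeated failures."""
import hashlib
import hmac
import time

# Constructed demo credential store; the salt and the single account exist only here.
_SALT = b"demo-salt-not-for-production"


def hash_password(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)


USERS = {"demo": hash_password("correct horse battery staple")}


def verify_password(username: str, password: str) -> bool:
    stored = USERS.get(username)
    if stored is None:
        return False
    # Constant-time comparison of the derived key, not a plain == on strings.
    return hmac.compare_digest(stored, hash_password(password))


class LoginThrottle:
    """After each failure the next attempt is blocked for base_delay * 2**(failures-1)
    seconds (2, 4, 8, 16, 32 ...). Once `step_up_after` failures have accumulated, even a
    correct password only returns "step_up_required": the caller must complete a second
    check (e-mail/SMS code, etc.) and then call clear() to reset the counter."""

    def __init__(self, base_delay: float = 2.0, step_up_after: int = 4, clock=time.monotonic):
        self.base_delay = base_delay
        self.step_up_after = step_up_after
        self.clock = clock                       # injectable for tests
        self._failures: dict[str, int] = {}
        self._not_before: dict[str, float] = {}

    def delay_for(self, failures: int) -> float:
        return self.base_delay * 2 ** (failures - 1)

    def seconds_until_allowed(self, username: str) -> float:
        return max(0.0, self._not_before.get(username, 0.0) - self.clock())

    def attempt(self, username: str, password: str) -> tuple[str, float]:
        """Returns (status, seconds): status is one of
        "throttled", "rejected", "step_up_required", "ok"."""
        wait = self.seconds_until_allowed(username)
        if wait > 0:
            return "throttled", wait             # password is not even evaluated
        if not verify_password(username, password):
            n = self._failures.get(username, 0) + 1
            self._failures[username] = n
            delay = self.delay_for(n)
            self._not_before[username] = self.clock() + delay
            return "rejected", delay
        if self._failures.get(username, 0) >= self.step_up_after:
            return "step_up_required", 0.0       # right password, but too many prior failures
        self._failures.pop(username, None)
        return "ok", 0.0

    def clear(self, username: str) -> None:
        """Call after the second-factor check succeeds."""
        self._failures.pop(username, None)
        self._not_before.pop(username, None)


class FakeClock:
    """Deterministic stand-in for time.monotonic so the demo needs no real sleeping."""

    def __init__(self) -> None:
        self.now = 0.0

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


def simulate_guessing(guesses: list[str], wait_it_out: bool) -> list[tuple[str, float]]:
    """Feed a list of guesses at the demo account. If wait_it_out is True the caller sits
    through every delay (so the doubling sequence is visible); if False it retries at once
    and simply hits the throttle."""
    clock = FakeClock()
    throttle = LoginThrottle(clock=clock)
    outcomes = []
    for guess in guesses:
        status, seconds = throttle.attempt("demo", guess)
        outcomes.append((status, seconds))
        if wait_it_out:
            clock.advance(seconds)
    return outcomes


if __name__ == "__main__":
    # Constructed guess list using the common passwords named in the comment above.
    guesses = ["password", "12345678", "abcdefg", "qwertyui", "yourefired",
               "correct horse battery staple"]
    for row in simulate_guessing(guesses, wait_it_out=True):
        print(row)
```

Run as a script, the waited-out run prints five rejections with delays 2, 4, 8, 16 and 32 seconds, and the sixth, correct guess comes back as `step_up_required` rather than `ok`, because four failures had already been recorded. With `wait_it_out=False` every attempt after the first returns `throttled` without the password being checked at all, which is the property that turns a machine-speed guessing run into a human-speed one. The counters here live in a dict; a real deployment would keep them in shared storage keyed per account (and ideally also per source), and would log the step-up events for the SOC.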