The answer could be a big no, take only a look at a recent incident involving Twitter’s password recovery feature, which was struck by a bug that caused thousands of personal information such as email addresses and phone numbers to be exposed to attacks.
The incident might be isolated in nature as it did not affect a large number of Twitter users, but it highlighted a certain vulnerability in the social network’s security infrastructure that puts the company in a negative light as its user base continues to grow.
Twitter alerted its affected users only a few days after detecting the data security loophole and even went on to warn users with malicious intent against attempting to take advantage of the situation and access the accounts of other Twitter users. The bug would have allowed anyone to breach the Twitter account of other users they may know or whose username they may have a previous knowledge about.
The password recovery bug took place at a time when exposure of sensitive website features to attacks is not an unusual thing anymore. In other words, Twitter is not alone in the long list of web services that, in one way or another, had their users’ personally identifiable information exposed to attacks. Facebook is also a frequent victim of such vulnerabilities.
Also, one infamous incident involving data breach happened recently when pieces of personal information that belonged to the users of online dating website Ashley Madison were breached and it was only a matter of quick Google search before the spouses of those users discovered the acts of infidelity.
What those users did not know was that their email addresses and other personal data were breached not as a direct result of haphazard activities by the hackers, but because of a flaw in the website’s password recovery feature. It would be better then not to rely on the security protocols of most web services, because it appears they still are not taking the security of their users very seriously, however they claim otherwise.
It would help instead to turn to existing industry standards for protecting our cyber credentials such as the multi-factor authentication, which is increasingly growing in adoption and implementation. At present, Twitter provides login verification to users requiring them to input single-use codes sent to their mobile numbers to serve as a secondary factor for authentication. This should be enough to prevent any security breach in the future.