Poor Elmo. The adorable, eternal 3-year-old Sesame Street character loves us, but someone obviously doesn’t love the furry red guy back. Hackers took over its popular X (formerly Twitter) account on Sunday and published a particular UN-ELELO-like content. It is surprising to a character and platform that is focused on teaching us probably missed a basic rule of social media: Always set up two-factor approval.
All of the deeply offensive positions have since been removed from Elmo’s account, which has over 684,000 followers, and while Sesame Street has publicly commented hacked, Elmo’s report has been silent in the last 48 hours.
Thinking, this could probably have been avoided if Sesame Workshop running the account had learned a simple lesson.
T is for two-factor approval.
If you have a blue check (or any color official check) on your X account you are probably a target. Elmo’s report is verified, although we think it should be a red check. For a while, it was difficult to identify verified accounts because X CEO Elon Musk removed them in 2023 and demanded anyone who would have a paid $ 8 a month. He joined a year later, and accounts like Elmo have regained their checks. It was good news, except for the fact that hackers immediately knew again exactly who to target.
Tied in verification were two factor approval, or rather how you could verify. X ended SMS (text-based) verification for non-paying members and favors instead codes and security keys.
But I’ll take off. It helps to explain two-factor approval (also known as 2-factor writer and 2FA) in a way that Elmo can understand.
Elmo likes to learn
Elmo. Elmo, look at me. Stop playing with that puppy and look at me.
Yes, yeah, I know, “Elmo loves me.” Please, listen.
You know that X account that you love to use so much, the one where you offer hugs and asks us all to get outside and play?
I know, not, it called “Twitter.” No, I don’t know why they changed the name.
Let’s focus.
Your X account has your name and you use it by logging in, right?
Yes, Elmo, you’ve done a very good job with it. I see you on the account every day so you know clearly how to log in. It’s very good, Elmo.
But Elmo, your account is missing something.
No, wait, Elmo, don’t go running to look for it. It’s not something you dropped.
You have to make it harder to log in. You need to add something called “two-factor approval.”
Harder is sometimes a scary word, but not this time, and yes, “approval” is a big word. I can help.
Security ABCs
It’s simple, Elmo, when you log in to your account, you also need your phone with you to generate a code.
Yes, Elmo, I see your phone. It’s very nice. I know you don’t use it all the time. You are good at it.
Two-factor approval simply means Elmo that when you log in, there is another step (or factor) that you need to achieve before you can use your account again.
First, you need to enable two factor approval in your X account. This means you need the e -mail you used to create the account. Ask the adults at Sesame Workshop to find it. They also need to enter the password and then verify the use of a secondary login method.
Now, Elmo, here’s where it gets a little complicated. Once this is created after you have logged in – Elmo, stop playing with Tango for a moment and look at me – Twitter will ask you for a code.
I use and I think you could too, Google’s authentication
App. When this is created, when you try to log in (you or a trusted adult, Elmo), you will be asked for a code. You simply open the Google Authenticator app and grab the code that appears for x, and then enter it in X.
Then, Elmo, you’re done.
Yes, yes, Elmo, it’s exciting. No, I don’t think it’s fun, but it’s fine if you do.
Give 2fa a hug
Okay, I think Elmo gets it.
Hopefully you do. The technology here is simple: A hacker cannot log into your account without the secondary verification system. They need the code that only comes to the app and phone in your hand.
I promise that hackers will try and you can get e emails about their attempts, but they will probably fail because hackers do not have that code and can’t finish login. 2FA is also not just for x; It is a valuable security tool for any online account, including E email, bank and work accounts.
One more thing for you and, oh, elmo, come back hit for a moment. Everyone needs to change their passwords every six months. This makes it difficult for hackers who have hoovered your information in a data transgression to use old passwords to access your accounts.
I know, Elmo, you love us. We love you too.
