A posting on Bruce Schneier’s blog drew my attention to this interesting case study of how a hacker was able to gain access to the personal accounts of Twitter executives. There’s nothing new here of course. We’ve always known that password security is simply not good enough for any publically accessible service. The real issue here is the fact that executives are increasingly using cloud services that were designed primarily for personal use, not business purposes. A further worrying trend is that, in many cases, our personal data is becoming just as sensitive as our business data. We need an all round improvement in authentication methods for cloud computing services.