In association with heise online

23 May 2013, 10:55

Twitter implements two-factor authentication


Twitter's two-factor authentication uses text messages and can be activated in the account settings

Twitter wants to improve security – not a bad idea, after recent problems with hacked accounts sending out false reports. Two-factor authentication, which Twitter calls "login verification", should make it harder for someone with malicious intent to take over an account.

Twitter users can now opt in to login verification by checking the box under "Account security" on their account settings page. Once they add their mobile phone number to their account and activate login verification, they will have to enter a six-digit code sent by SMS in addition to their password every time they log into the service.

Users can generate a temporary password to authorise applications for Twitter and other devices when using two-factor authentication. Jim O'Leary, a member of Twitter's security team, emphasises that even if users have activated login verification, they should still use a strong password that is difficult to guess.

In the last few weeks, Josef Blatter, FIFA, the BBC, CBS, news agency AP, the Guardian and the Financial Times have been just some of the victims of hacked accounts. A group called the Syrian Electronic Army claimed responsibility for the attacks, accusing western media of spreading false information about the civil war in Syria. The attack on AP was especially serious, since its official Twitter account was used to send out false reports of explosions in the White House that supposedly injured President Barack Obama.

The new two-factor authentication mechanism is a step in the right direction, but it remains questionable whether the measure will actually solve the problem for the targets of the latest hacks. News organisations tend to have multiple people, often on different continents, who need to access the organisation's Twitter account. In these cases, having one mobile phone in the organisation registered to the account presents a problem and will probably prevent the use of the login verification feature.

