Two-Factor Authentication Finally Comes to Twitter
Twitter finally announced on Wednesday the launch of a new two-factor authentication system that will better secure user accounts from unauthorized access.
Twitter's new security method essentially forces users to provide both a password and an additional method to verify their identity in order to log in. Its arrival is belated at best given the number of publicly hijacked accounts that have surfaced in the last several months. Google, Blizzard and NCsoft are just three companies that already have a similar system in place to protect their customers.
"Every day, a growing number of people log in to Twitter," said Jim O'Leary from Twitter's Product Security Team. "Usually these login attempts come from the genuine account owners, but we occasionally hear from people whose accounts have been compromised by email phishing schemes or a breach of password data elsewhere on the web."
To use this system, Twitter junkies will be required to register a verified phone number and a confirmed email address. After accessing the account settings page, users can set up two-step verification by selecting "require verification code when I sign in". They then click on a link to add a phone number and enter a six-digit number that was sent to that phone.
"This release is built on top of Twitter via SMS, so we need to be able to send a text to your phone before you can enroll in login verification (which may not work with some cell phone providers)," he said. "However, much of the server-side engineering work required to ship this feature has cleared the way for us to deliver more account security enhancements in the future."
Even with login verification enabled, existing applications should continue to work without disruption. However, if users are somehow logged out of their account on other devices or apps, they can simply revisit the applications page and generate a temporary password to log in and re-authorize the application.
The new system arrives after hackers recently broke into the Twitter accounts of the Associated Press, the BBC and 60 Minutes. Out of the three, the Associated Press incident was the most controversial, as the hackers tweeted from the AP account that a bomb had gone off in the White House, injuring President Obama. Although the incident was fictional, it caused real-world devastation on Wall Street, triggering a brief drop of nearly 100 points in the Dow Jones.
"Even with this new security option turned on, it’s still important for you to use a strong password," O'Leary added, pointing to Twitter's advice for keeping accounts secure.