After the recent spate of high-profile hacks, Twitter is introducing a “two-factor authentication” system to stop hackers gaining control of user accounts.
Twitter will introduce a new two-step authentication process to its micro-blogging site using mobile phone verification as an added security measure to keep accounts protected.
Users accessing their Twitter accounts from a new device will be asked to input a code that is sent to their chosen mobile phone number. Without that secondary password, the login will fail.
“Today we’re introducing a new security feature to better protect your Twitter account: login verification,” said Jim O’Leary of Twitter’s Product Security Team in an official blog post.
O’Leary also confirms that the two-factor authentication is just the first step to bring greater security features to Twitter users.
The improved security features are being added in response to the hacking of several high-profile Twitter accounts, including the Guardian, BBC and the FT.
In April, the Associated Press’ Twitter account was hacked and caused US stock markets to dip when a tweet was posted claiming President Obama had been injured in a bomb attack. The group behind the hack claimed to be called the Syrian Electronic Army.
However, despite Twitter’s attempt to increase security measures with its new two-step account verification process, security analysts suggest the new measures are easily circumnavigated.
“Twitter’s use of two-factor authentication should be welcomed with open arms,” said David Emm, Senior Security researcher at Kaspersky Lab. “However, there are some potential pitfalls with using SMS as an authentication method. Many people log into their Twitter account from their smartphone via the Twitter app which doesn’t require login credentials to be entered each time.”
“This means that the same device is being used for both authentication factors and if this device is lost or stolen, whoever finds {or has stolen) it will be able to access the account. Therefore, in effect, there is no longer two-factor authentication.”
Next, read our Twitter #Music review.
Editorial independence
Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.
Professional conduct
We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.
Editorial independence
Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.
Professional conduct
We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.
