Twitter might start using two-factor authentication

The Guardian reports that Twitter might be implementing two-factor authentication for its social network. The news comes just days after the company had to reset 250,000 accounts that had been compromised in a hacker attack.

Two-factor authentication blocks access to a user's account even when the correct username/password combination is used. To access an account the user must also enter a one-time code that is either sent to them by the company or generated dynamically on a device they hold. So even if hackers obtain a user's password, they cannot do much with it on its own. The system would also notify a user when someone is attempting to log into their account.

Other companies such as banks have been using two-step authentication for a long time, as it is a much more secure method than traditional passwords. Even consumer companies such as Microsoft and Google have implemented this feature for their users, and it is encouraging to see Twitter finally taking threats seriously and helping protect its users.

News of Twitter taking this step seems to have originated from a job posting on Twitter's website for a "software engineer-product security" whose listed responsibilities include "design and develop user facing security features, such as multifactor authentication and fraudulent login detection". It remains to be seen how soon this feature will be implemented, but following recent events one thing is certain: the sooner the better.

Source: The Guardian. Image via Aspirelocal.


17 Comments


As someone who doesn't use Twitter at all, are you saying that they don't already have a two-factor system in place? Wouldn't that be a no-brainer?

two pass authentication = 2 x burden for the user.

Two pass authentication should be used only in vital systems; for regular sites, it is easiest to force users to use complex/long passwords (10+ characters).

Brony said,
two pass authentication = 2 x burden for the user.

Two pass authentication should be used only in vital systems; for regular sites, it is easiest to force users to use complex/long passwords (10+ characters).

While that's true... if it were made available and the user decided not to use it, the company involved could say "we offered you a solution".

How does two-factor authentication protect against a server being hacked (breach of 250,000 accounts)? The hackers in question almost certainly did not go through the normal login process.

If my Gmail password was hacked, they still can't use my username and password to log into any of Google's services. Same thing with my Dropbox account. If two-step authentication wasn't in place, anybody could use that information.

DarkNet said,
If my Gmail password was hacked, they still can't use my username and password to log into any of Google's services. Same thing with my Dropbox account. If two-step authentication wasn't in place, anybody could use that information.

Maybe you should look at how two-factor authentication works: you supply a password AND an OTP or something instead of an OTP. If the database is breached, this provides absolutely no security at all; all the tokens used on the OTP devices are plainly visible, as is your hashed password.

No. Show me how that has been done before. Wall Street has been using that for a long time for their Bloomberg access. Google and Dropbox started using it as well. So I guess that is one more layer over Apple and Microsoft. If you are that concerned, why are you using Microsoft or Apple services?

If you are paranoid that even two-step authentication won't help, stop right now, unplug your computer, throw your cellphone out the window and walk away.

Except for the fact that if you connect it to your phone (Gmail, for example) and you randomly get a text message with an authentication code (unless they got around it somehow), you know to change your password immediately.

I use Google Authenticator for Google and Dropbox. I don't get text messages. It has to be in sync with your phone. Not everyone at any given time gets the same code. For example, I can't have it on both my Android and my iPhone. It can only be on one, because the codes would be different (only one of them will be right).

TBH all sites should use two-factor authentication; it bugs me that Outlook.com does not, for example... unless it does now?!

Chinese are smarter, it will still get hacked!!!!

People are targeting these services more and more, as the penalty and consequences for this action, even if you get caught, are a lot less compared to hacking City Bank or similar financial services.

More or less similar technology is used to secure financial services, but random attacks are fewer compared to those faced by Facebook and Twitter or the like.

The penalty has to be higher; law enforcement agencies need to prosecute these hackers with greater urgency to stop these acts, as without that, whatever two- or three-step method you adopt, there are always smarter people out there to screw with you.