Twitter May Enhance Security With Two-Factor Authentication

Less than a week after Twitter was hacked, leading to some 250,000 people having their accounts compromised (were you affected?), it appears that Twitter may be looking into two-factor authentication as a means of beefing up security.


That's according to The Guardian, which said,

“Twitter plans to introduce a “two-factor authentication” option that would make it impossible for hackers or vandals to break into accounts – even if they acquired the passwords.”
The Guardian

This news follows a job posting made by the social networking giant for a Product Security Software Engineer –

“Do you like to code? Do you like security? Have we got the perfect position for you! Twitter’s Product Security team is hiring engineers to build a more secure platform and user experience.”

Of course, that doesn’t guarantee that two-factor authentication will appear on Twitter, though one of the lines under the job description does say –

“Design and develop user-facing security features, such as multifactor authentication and fraudulent login detection.”

– which would imply that it is certainly something that is being considered at the very least. And that's a good thing in my opinion.

What is two-factor authentication?

As the name implies, it is a system of logging in that requires two steps in order to be successful. You may, for example, have seen it with online banking where you log in not only with a username and password but also by using a device that generates a random set of numbers via your debit card. This code is only valid for a very short period of time, which makes it that much harder for a hacker who won’t (hopefully) have access to either your card or the device used to generate the random number.

With Twitter it could work by authorising a particular device for logging in, i.e. your desktop computer or mobile phone. To authorise the device Twitter could send you a code. Whenever you add another device from which you intend to log in you would need a new code, which could be sent to your phone for instance. Without said phone a hacker would be unable to acquire that code and, hence, would be unable to log in without physical access to your own equipment.
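The device-authorisation flow sketched above, as an added example (not Twitter's implementation and not code from the original article): a hypothetical `DeviceAuthorizer` class issues a short-lived six-digit code for an unrecognised device and trusts that device only once the code is confirmed. The class and method names, the five-minute lifetime and the three-attempt limit are all assumptions.

```python
import hashlib, hmac, secrets, time

CODE_TTL = 300       # seconds a code stays valid (assumed value)
MAX_ATTEMPTS = 3     # wrong guesses allowed per code (assumed value)

class DeviceAuthorizer:
    """Hypothetical server-side state for authorising new devices."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.pending = {}     # (user, device) -> [code_hash, expires, attempts_left]
        self.trusted = set()  # (user, device) pairs already authorised

    @staticmethod
    def _digest(code):
        return hashlib.sha256(code.encode()).digest()

    def login(self, user, device, password_ok):
        """Password step. Returns (status, code); code is set only for new devices."""
        if not password_ok:
            return "denied", None
        if (user, device) in self.trusted:
            return "ok", None
        code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, not random.random()
        self.pending[(user, device)] = [self._digest(code),
                                        self.clock() + CODE_TTL, MAX_ATTEMPTS]
        # A real service would send the code to the user's phone, never to the browser.
        return "code_required", code

    def confirm(self, user, device, code):
        """Second step. True only for an unexpired, unused, correct code."""
        key = (user, device)
        entry = self.pending.get(key)
        if entry is None:
            return False
        digest, expires, _ = entry
        if self.clock() > expires:
            del self.pending[key]          # expired codes are discarded
            return False
        if hmac.compare_digest(digest, self._digest(code)):
            del self.pending[key]          # single use
            self.trusted.add(key)
            return True
        entry[2] -= 1                      # count the wrong guess
        if entry[2] <= 0:
            del self.pending[key]          # too many guesses: code is void
        return False
```

A stolen password alone ends at `code_required`: with only three guesses against a million possible codes, the login stalls unless the attacker also holds the phone.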


About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.
