Less than a week after Twitter was hacked, leading to some 250,000 people having their accounts compromised (were you affected?), it appears that Twitter may be looking into two-factor authentication as a means of beefing up security.
That’s according to The Guardian, which said,
“Twitter plans to introduce a “two-factor authentication” option that would make it impossible for hackers or vandals to break into accounts – even if they acquired the passwords.”
This news follows a job posting made by the social networking giant for a Product Security Software Engineer –
“Do you like to code? Do you like security? Have we got the perfect position for you! Twitter’s Product Security team is hiring engineers to build a more secure platform and user experience.”
Of course, that doesn’t guarantee that two-factor authentication will appear on Twitter, though one of the lines under the job description does say –
“Design and develop user-facing security features, such as multifactor authentication and fraudulent login detection.”
– which would imply that it is certainly something that is being considered at the very least. And that’s a good thing in my opinion.
What is two-factor authentication?
As the name implies, it is a system of logging in that requires two steps in order to be successful. You may, for example, have seen it with online banking, where you log in not only with a username and password but also by using a device that generates a random set of numbers via your debit card. This code is only valid for a very short period of time, which makes it that much harder for a hacker, who won’t (hopefully) have access to either your card or the device used to generate the random number.
With Twitter it could work by authorising a particular device for logging in, e.g. your desktop computer or mobile phone. To authorise the device Twitter could send you a code. Whenever you add another device from which you intend to log in you would need a new code, which could be sent to your phone, for instance. Without said phone a hacker would be unable to acquire that code and, hence, would be unable to log in without physical access to your own equipment.
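The device-authorisation flow described above, sketched as an added example (this is not Twitter’s code, and nothing here reflects how Twitter implements it). The class name, the `send_code` callback and the values of `CODE_TTL` and `MAX_ATTEMPTS` are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

CODE_TTL = 120        # seconds a code stays valid (assumed value)
MAX_ATTEMPTS = 3      # wrong guesses allowed per code (assumed value)

class DeviceAuthorizer:
    """Hypothetical server-side store of trusted devices and pending codes."""

    def __init__(self, send_code, clock=time.time):
        self.send_code = send_code   # callback that delivers the code to the phone
        self.clock = clock
        self.trusted = set()         # (user, device_id) pairs already authorised
        self.pending = {}            # (user, device_id) -> [digest, expiry, tries]

    @staticmethod
    def _digest(code):
        return hashlib.sha256(code.encode()).digest()

    def login(self, user, device_id, password_ok):
        """First factor. Returns 'ok', 'denied' or 'code_required'."""
        if not password_ok:
            return "denied"
        if (user, device_id) in self.trusted:
            return "ok"
        code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, six digits
        self.pending[(user, device_id)] = [
            self._digest(code), self.clock() + CODE_TTL, 0]
        self.send_code(user, code)                 # goes to the phone, not the browser
        return "code_required"

    def confirm(self, user, device_id, code):
        """Second factor: the code that was sent to the user's phone."""
        key = (user, device_id)
        entry = self.pending.get(key)
        if entry is None:
            return False
        digest, expiry, tries = entry
        if self.clock() > expiry or tries >= MAX_ATTEMPTS:
            del self.pending[key]                  # expired or guessed too often
            return False
        if not hmac.compare_digest(digest, self._digest(code)):
            entry[2] += 1                          # count the wrong guess
            return False
        del self.pending[key]                      # a code works only once
        self.trusted.add(key)
        return True
```

The short lifetime, the single use and the attempt limit are what keep a six-digit code from being guessed or replayed by someone who already holds the password.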