Twitter begins rollout of two-factor authentication to limit account takeovers

Share this article:
Twitter begins rollout of two-factor authentication to limit account takeovers
Twitter begins rollout of two-factor authentication to limit account takeovers

Twitter has enabled two-factor authentication, the company announced Wednesday.

"Every day, a growing number of people login to Twitter," Jim O'Leary of Twitter's Product Security Team wrote in a blog post. "Usually these login attempts come from the genuine account owners, but we occasionally hear from people whose accounts have been compromised by email phishing schemes or a breach of password data elsewhere on the web."

The functionality will work similar to the way it does on Gmail.

Users opt in to the additional security feature in the "Settings" page and add a cell phone number. Then, each time they login to their account using their normal credentials, they are prompted to enter a six-digit verification code, which is sent via SMS to that phone number.

"With login verification enabled, your existing applications will continue to work without disruption," O'Leary wrote. "If you need to sign in to your Twitter account on other devices or apps, visit your 'Applications' page to generate a temporary password to login and authorize that application.'

Twitter has faced pressure to deploy two-factor capability in light of a number of highly publicized account takeovers, including one that targeted The Associated Press. In that case, the attackers, from the "Syrian Electronic Army," sent a tweet claiming there had been a bombing at the White House and President Obama was injured.

Not everyone is convinced, however, that an additional mode of authentication would be able to stop a dedicated hacker.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Researcher discovers flaw in Amazon Kindle Library

A security expert discovered a vulnerability in Amazon's Kindle Library that could lead to cross-site scripting attacks and account compromises.

JPMorgan Chase might struggle to patch vulnerabilities quickly enough

This summer's attack on the bank's network might have helped hackers detect subtle vulnerabilities they could exploit in the future.

WikiLeaks makes FinFisher surveillance software available to public

Copies of controversial surveillance software, called "FinFisher," were made available for public scrutiny by WikiLeaks.