Malware, Phishing, Threat Management

Twitter begins rollout of two-factor authentication to limit account takeovers

Twitter has enabled two-factor authentication, the company announced Wednesday.

"Every day, a growing number of people login to Twitter," Jim O'Leary of Twitter's Product Security Team wrote in a blog post. "Usually these login attempts come from the genuine account owners, but we occasionally hear from people whose accounts have been compromised by email phishing schemes or a breach of password data elsewhere on the web."

The functionality will work similar to the way it does on Gmail.

Users opt in to the additional security feature in the "Settings" page and add a cell phone number. Then, each time they login to their account using their normal credentials, they are prompted to enter a six-digit verification code, which is sent via SMS to that phone number.

"With login verification enabled, your existing applications will continue to work without disruption," O'Leary wrote. "If you need to sign in to your Twitter account on other devices or apps, visit your 'Applications' page to generate a temporary password to login and authorize that application.'

Twitter has faced pressure to deploy two-factor capability in light of a number of highly publicized account takeovers, including one that targeted The Associated Press. In that case, the attackers, from the "Syrian Electronic Army," sent a tweet claiming there had been a bombing at the White House and President Obama was injured.

Not everyone is convinced, however, that an additional mode of authentication would be able to stop a dedicated hacker.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.