After a series of high-profile attacks on various Twitter accounts, such as hacks of the British Broadcasting Channel, the Associated Press, and a dozen other prominent media outlets, and after receiving much criticism from security experts, Twitter has decided to roll out new two-factor authentication to help users prevent unwanted intrusions.
In a blog post, Twitter said that it would begin offering an optional “two-factor” verification system, asking users to register a phone number and e-mail account, along with a six-digit code, delivered via text message, that would have to be entered each time they log in to the site.
Two-step authentication is by no means foolproof… attackers could still hijack a user’s account by impersonating Twitter in what is known as a man-in-the-middle attack. “Right now Twitter’s 2FA (two-factor authentication) is more likely to be welcomed by individuals who own personal accounts, and small companies with a Twitter presence, than embraced by the high profile victims attacked by the (hacker group) Syrian Electronic Army in the past,” Graham Cluley, of Sophos Security, wrote on his blog.
However, this does raise the bar for account security and “makes hacking into an account significantly harder,” according to Mr. Risher, a co-founder of Impermium, a security start-up focused on social media.