Twitter Releases New Authentication System to Reduce Risk from Hackers

By Ed Silverstein May 23, 2013

Twitter and its users can only take so many annoying pranks and overall nastiness.

Last month, the U.S. stock market took a temporary hit from a fake Twitter message that claimed to have originated from The Associated Press. Earlier in February, some 250,000 Twitter users had to reset credentials after passwords, user names and e-mail addresses were stolen. And in April, CBS News' programs "60 Minutes" and "48 Hours" also had their Twitter accounts hacked.

Now, the popular micro-blogging site has come up with an authentication method to improve security. It is called login verification.

“This is a form of two-factor authentication,” Twitter security specialist Jim O’Leary explained in a blog post. “When you sign into twitter.com, there’s a second check to make sure it’s really you. You’ll be asked to register a verified phone number and a confirmed e-mail address.”

To generally understand what Twitter is up to, a video explains the new method, telling users, “Help Us Help You. Protect Your Account.”

Here is how it works: go on the account settings page. Select “Require a verification code when I sign in.” Click on link to “add a phone” and follow the prompts. Enter a six-digit code sent to a telephone via SMS each time signing in to twitter.com.

“With login verification enabled, your existing applications will continue to work without disruption,” the micro-blogging site said. “If you need to sign in to your Twitter account on other devices or apps, visit your applications page to generate a temporary password to login and authorize that application.”

More security improvements may be on the way – and O’Leary says that “much of the server-side engineering work required to ship this feature has cleared the way for us to deliver more account security enhancements in the future. Stay tuned.”

The new authentication system is similar to the one offered by Facebook – and will help Twitter to improve its reputation as a secure site, CNET reports.

“The additional security measure certainly complicates the login process, but the extra step is one many Twitter users, particularly brand users, will welcome with open arms,” CNET said.

Also, the move by Twitter, if it’s successful, is important. Not only were there temporary losses on Wall Street due to the fake AP tweet, the world was incorrectly told that two explosions took place in the White House and that President Barack Obama was injured, according to TechZone360.  

Yet, there are still issues with shared accounts under the new method.

“It may not help shared accounts like big brands and news agencies where multiple people need to be able to log in and out but only one phone number can get the login verification codes,” TechCrunch warned. “The brands and news outlets whose accounts are the most valuable to hackers may not benefit from the feature. They can only set one phone number as the recipient of the two-factor authentication codes, but may have several staff members who need to access the account. If they enabled it, whoever carried the phone registered with Twitter would have to relay the code to all the other staffers to get it to whoever needed it. That hassle might prevent shared accounts from turning on login verifications, and so the hackings may continue.”

There are other limitations to the new method, as well. It doesn’t work with mobile apps. Also, someone needs to have an operating cell phone to receive the text message. Perhaps these limitations will be addressed soon by Twitter.

But it was clear that some steps needed to be taken by Twitter quickly. Security breaches into Twitter accounts are not limited to the famous and powerful. Regular folks are attacked, too.

"We occasionally hear from people whose accounts have been compromised by e-mail phishing schemes or a breach of password data elsewhere on the Web," O’Leary said in the blog post.




Edited by Alisen Downey

TechZone360 Contributor

SHARE THIS ARTICLE
Related Articles

Consumer Privacy in the Digital Era: Three Trends to Watch

By: Special Guest    1/18/2018

Digital advertising has exploded in recent years, with the latest eMarketer data forecasting $83 billion in revenue this year and continued growth on …

Read More

CES 2018: Terabit Fiber - Closer Than We Think

By: Doug Mohney    1/17/2018

One of the biggest challenges for 5G and last mile 10 Gig deployments is not raw data speeds, but middle mile and core networks. The wireless industry…

Read More

10 Benefits of Drone-Based Asset Inspections

By: Frank Segarra    1/15/2018

Although a new and emerging technology, (which is still evolving), in early 2018, most companies are not aware of the possible benefits they can achie…

Read More

VR Could Change Entertainment Forever

By: Special Guest    1/11/2018

VR could change everything from how we play video games to how we interact with our friends and family. VR has the power to change how we consume all …

Read More

Making Connections - The Value of Data Correlation

By: Special Guest    1/5/2018

The app economy is upon us, and businesses of all stripes are moving to address it. In this age of digital transformation, businesses rely on applicat…

Read More