Twitter Releases New Authentication System to Reduce Risk from Hackers

By Ed Silverstein May 23, 2013

Twitter and its users can only take so many annoying pranks and overall nastiness.

Last month, the U.S. stock market took a temporary hit from a fake Twitter message that claimed to have originated from The Associated Press. Earlier in February, some 250,000 Twitter users had to reset credentials after passwords, user names and e-mail addresses were stolen. And in April, CBS News' programs "60 Minutes" and "48 Hours" also had their Twitter accounts hacked.

Now, the popular micro-blogging site has come up with an authentication method to improve security. It is called login verification.

“This is a form of two-factor authentication,” Twitter security specialist Jim O’Leary explained in a blog post. “When you sign into twitter.com, there’s a second check to make sure it’s really you. You’ll be asked to register a verified phone number and a confirmed e-mail address.”

To generally understand what Twitter is up to, a video explains the new method, telling users, “Help Us Help You. Protect Your Account.”

Here is how it works: go on the account settings page. Select “Require a verification code when I sign in.” Click on link to “add a phone” and follow the prompts. Enter a six-digit code sent to a telephone via SMS each time signing in to twitter.com.

“With login verification enabled, your existing applications will continue to work without disruption,” the micro-blogging site said. “If you need to sign in to your Twitter account on other devices or apps, visit your applications page to generate a temporary password to login and authorize that application.”

More security improvements may be on the way – and O’Leary says that “much of the server-side engineering work required to ship this feature has cleared the way for us to deliver more account security enhancements in the future. Stay tuned.”

The new authentication system is similar to the one offered by Facebook – and will help Twitter to improve its reputation as a secure site, CNET reports.

“The additional security measure certainly complicates the login process, but the extra step is one many Twitter users, particularly brand users, will welcome with open arms,” CNET said.

Also, the move by Twitter, if it’s successful, is important. Not only were there temporary losses on Wall Street due to the fake AP tweet, the world was incorrectly told that two explosions took place in the White House and that President Barack Obama was injured, according to TechZone360.  

Yet, there are still issues with shared accounts under the new method.

“It may not help shared accounts like big brands and news agencies where multiple people need to be able to log in and out but only one phone number can get the login verification codes,” TechCrunch warned. “The brands and news outlets whose accounts are the most valuable to hackers may not benefit from the feature. They can only set one phone number as the recipient of the two-factor authentication codes, but may have several staff members who need to access the account. If they enabled it, whoever carried the phone registered with Twitter would have to relay the code to all the other staffers to get it to whoever needed it. That hassle might prevent shared accounts from turning on login verifications, and so the hackings may continue.”

There are other limitations to the new method, as well. It doesn’t work with mobile apps. Also, someone needs to have an operating cell phone to receive the text message. Perhaps these limitations will be addressed soon by Twitter.

But it was clear that some steps needed to be taken by Twitter quickly. Security breaches into Twitter accounts are not limited to the famous and powerful. Regular folks are attacked, too.

"We occasionally hear from people whose accounts have been compromised by e-mail phishing schemes or a breach of password data elsewhere on the Web," O’Leary said in the blog post.




Edited by Alisen Downey

TechZone360 Contributor

SHARE THIS ARTICLE
Related Articles

Why People Don't Update Their Computers

By: Special Guest    7/13/2018

When the WannaCry ransomware attacked companies all over the world in 2017, experts soon realized it was meant to be stopped by regular updating. Even…

Read More

More Intelligence About The New Intelligence

By: Rich Tehrani    7/9/2018

TMC recently announced the launch of three new artificial intelligence events under the banner of The New Intelligence. I recently spoke with TMC's Ex…

Read More

Technology, Innovation, and Compliance: How Businesses Approach the Digital Age

By: Special Guest    6/29/2018

Organizations must align internally to achieve effective innovation. Companies should consider creating cross-functional teams or, at a minimum, incre…

Read More

Contribute Your Brain Power to The New Intelligence

By: Paula Bernier    6/28/2018

The three events that are part of The New Intelligence are all about how businesses and service providers, and their customers, can benefit from artif…

Read More

TMC Launches The New Intelligence - an Unparalleled AI and Machine Learning Conference & Expo in Florida

By: TMCnet News    6/28/2018

TMC announced the launch of The New Intelligence conference and expo - The Event Powering the AI Revolution. This exciting new event will take place o…

Read More