Twitter Releases New Authentication System to Reduce Risk from Hackers

By Ed Silverstein May 23, 2013

Twitter and its users can only take so many annoying pranks and overall nastiness.

Last month, the U.S. stock market took a temporary hit from a fake Twitter message that claimed to have originated from The Associated Press. Earlier in February, some 250,000 Twitter users had to reset credentials after passwords, user names and e-mail addresses were stolen. And in April, CBS News' programs "60 Minutes" and "48 Hours" also had their Twitter accounts hacked.

Now, the popular micro-blogging site has come up with an authentication method to improve security. It is called login verification.

“This is a form of two-factor authentication,” Twitter security specialist Jim O’Leary explained in a blog post. “When you sign into twitter.com, there’s a second check to make sure it’s really you. You’ll be asked to register a verified phone number and a confirmed e-mail address.”

To generally understand what Twitter is up to, a video explains the new method, telling users, “Help Us Help You. Protect Your Account.”

Here is how it works: go on the account settings page. Select “Require a verification code when I sign in.” Click on link to “add a phone” and follow the prompts. Enter a six-digit code sent to a telephone via SMS each time signing in to twitter.com.

“With login verification enabled, your existing applications will continue to work without disruption,” the micro-blogging site said. “If you need to sign in to your Twitter account on other devices or apps, visit your applications page to generate a temporary password to login and authorize that application.”

More security improvements may be on the way – and O’Leary says that “much of the server-side engineering work required to ship this feature has cleared the way for us to deliver more account security enhancements in the future. Stay tuned.”

The new authentication system is similar to the one offered by Facebook – and will help Twitter to improve its reputation as a secure site, CNET reports.

“The additional security measure certainly complicates the login process, but the extra step is one many Twitter users, particularly brand users, will welcome with open arms,” CNET said.

Also, the move by Twitter, if it’s successful, is important. Not only were there temporary losses on Wall Street due to the fake AP tweet, the world was incorrectly told that two explosions took place in the White House and that President Barack Obama was injured, according to TechZone360.  

Yet, there are still issues with shared accounts under the new method.

“It may not help shared accounts like big brands and news agencies where multiple people need to be able to log in and out but only one phone number can get the login verification codes,” TechCrunch warned. “The brands and news outlets whose accounts are the most valuable to hackers may not benefit from the feature. They can only set one phone number as the recipient of the two-factor authentication codes, but may have several staff members who need to access the account. If they enabled it, whoever carried the phone registered with Twitter would have to relay the code to all the other staffers to get it to whoever needed it. That hassle might prevent shared accounts from turning on login verifications, and so the hackings may continue.”

There are other limitations to the new method, as well. It doesn’t work with mobile apps. Also, someone needs to have an operating cell phone to receive the text message. Perhaps these limitations will be addressed soon by Twitter.

But it was clear that some steps needed to be taken by Twitter quickly. Security breaches into Twitter accounts are not limited to the famous and powerful. Regular folks are attacked, too.

"We occasionally hear from people whose accounts have been compromised by e-mail phishing schemes or a breach of password data elsewhere on the Web," O’Leary said in the blog post.




Edited by Alisen Downey

TechZone360 Contributor

SHARE THIS ARTICLE
Related Articles

Bloomberg BETA: Models Are Key to Machine Intelligence

By: Paula Bernier    4/19/2018

James Cham, partner at seed fund Bloomberg BETA, was at Cisco Collaboration Summit today talking about the importance of models to the future of machi…

Read More

Get Smart About Influencer Attribution in a Blockchain World

By: Maurice Nagle    4/16/2018

The retail value chain is in for a blockchain-enabled overhaul, with smarter relationships, delivering enhanced transparency across an environment of …

Read More

Facebook Flip-Flopping on GDPR

By: Maurice Nagle    4/12/2018

With GDPR on the horizon, Zuckerberg in Congress testifying and Facebook users questioning loyalty, change is coming. What that change will look like,…

Read More

The Next Phase of Flash Storage and the Mid-Sized Business

By: Joanna Fanuko    4/11/2018

Organizations amass profuse amounts of data these days, ranging from website traffic metrics to online customer surveys. Collectively, AI, IoT and eve…

Read More

Satellite Imaging - Petabytes of Developer, Business Opportunities

By: Doug Mohney    4/11/2018

Hollywood has programmed society into believing satellite imaging as a magic, all-seeing tool, but the real trick is in analysis. Numerous firms are f…

Read More