Twitter Releases New Authentication System to Reduce Risk from Hackers

By

Twitter and its users can only take so many annoying pranks and overall nastiness.

Last month, the U.S. stock market took a temporary hit from a fake Twitter message that claimed to have originated from The Associated Press. Earlier in February, some 250,000 Twitter users had to reset credentials after passwords, user names and e-mail addresses were stolen. And in April, CBS News' programs "60 Minutes" and "48 Hours" also had their Twitter accounts hacked.

Now, the popular micro-blogging site has come up with an authentication method to improve security. It is called login verification.

“This is a form of two-factor authentication,” Twitter security specialist Jim O’Leary explained in a blog post. “When you sign into twitter.com, there’s a second check to make sure it’s really you. You’ll be asked to register a verified phone number and a confirmed e-mail address.”

To generally understand what Twitter is up to, a video explains the new method, telling users, “Help Us Help You. Protect Your Account.”

Here is how it works: go on the account settings page. Select “Require a verification code when I sign in.” Click on link to “add a phone” and follow the prompts. Enter a six-digit code sent to a telephone via SMS each time signing in to twitter.com.

“With login verification enabled, your existing applications will continue to work without disruption,” the micro-blogging site said. “If you need to sign in to your Twitter account on other devices or apps, visit your applications page to generate a temporary password to login and authorize that application.”

More security improvements may be on the way – and O’Leary says that “much of the server-side engineering work required to ship this feature has cleared the way for us to deliver more account security enhancements in the future. Stay tuned.”

The new authentication system is similar to the one offered by Facebook – and will help Twitter to improve its reputation as a secure site, CNET reports.

“The additional security measure certainly complicates the login process, but the extra step is one many Twitter users, particularly brand users, will welcome with open arms,” CNET said.

Also, the move by Twitter, if it’s successful, is important. Not only were there temporary losses on Wall Street due to the fake AP tweet, the world was incorrectly told that two explosions took place in the White House and that President Barack Obama was injured, according to TechZone360.  

Yet, there are still issues with shared accounts under the new method.

“It may not help shared accounts like big brands and news agencies where multiple people need to be able to log in and out but only one phone number can get the login verification codes,” TechCrunch warned. “The brands and news outlets whose accounts are the most valuable to hackers may not benefit from the feature. They can only set one phone number as the recipient of the two-factor authentication codes, but may have several staff members who need to access the account. If they enabled it, whoever carried the phone registered with Twitter would have to relay the code to all the other staffers to get it to whoever needed it. That hassle might prevent shared accounts from turning on login verifications, and so the hackings may continue.”

There are other limitations to the new method, as well. It doesn’t work with mobile apps. Also, someone needs to have an operating cell phone to receive the text message. Perhaps these limitations will be addressed soon by Twitter.

But it was clear that some steps needed to be taken by Twitter quickly. Security breaches into Twitter accounts are not limited to the famous and powerful. Regular folks are attacked, too.

"We occasionally hear from people whose accounts have been compromised by e-mail phishing schemes or a breach of password data elsewhere on the Web," O’Leary said in the blog post.




Edited by Alisen Downey

TechZone360 Contributor

SHARE THIS ARTICLE
Related Articles

Coding and Invention Made Fun

By: Special Guest    10/12/2018

SAM is a series of kits that integrates hardware and software with the Internet. Combining wireless building blocks composed of sensors and actors con…

Read More

Facebook Marketplace Now Leverages AI

By: Paula Bernier    10/3/2018

Artificial intelligence is changing the way businesses interact with customers. Facebook's announcement this week is just another example of how this …

Read More

Oct. 17 Webinar to Address Apache Spark Benefits, Tools

By: Paula Bernier    10/2/2018

In the upcoming webinar "Apache Spark: The New Enterprise Backbone for ETL, Batch and Real-time Streaming," industry experts will offer details on clo…

Read More

It's Black and White: Cybercriminals Are Spending 10x More Than Enterprises to Control, Disrupt and Steal

By: Cynthia S. Artin    9/26/2018

In a stunning new report by Carbon Black, "Hacking, Escalating Attacks and The Role of Threat Hunting" the company revealed that 92% of UK companies s…

Read More

6 Challenges of 5G, and the 9 Pillars of Assurance Strategy

By: Special Guest    9/17/2018

To make 5G possible, everything will change. The 5G network will involve new antennas and chipsets, new architectures, new KPIs, new vendors, cloud di…

Read More