Twitter tests two-factor authentication

Twitter tests a two-factor authentication system internally, aimed at making it more difficult for hackers to take over users’ accounts

Twitter is testing a two-factor authentication system internally that is aimed at making it more difficult for hackers to take over users’ accounts.

The news follows this week’s hack of the Associated Press Twitter account in which hackers were able to post messages that claimed President Barack Obama had been injured in explosions at the White House.

Even though AP detected the hack within minutes and discredited the claims, the fake tweet affected markets, causing the Dow Jones Industrial Average and the Standard & Poor's 500 Index to dip.

News of Twitter’s plans to bolster security with two-factor authentication first emerged in February after the micro-blogging service was forced to reset 250,000 account passwords after a system breach.

The planned security system requires users to enter a one-time password (OTP) sent to their mobile phones whenever they log in from a computer or device they do not normally use, said AP reports.

The AP Twitter hack is the latest in a series of Twitter hijackings, which have included the accounts of CBS television’s show 60 Minutes and US National Public Radio.

Read more about two-factor authentication

The takeover of the AP Twitter account was preceded by phishing emails sent to staff members with the intention of tricking them into revealing their usernames and passwords.

Once the two-factor authentication system requiring an OTP comes in, hackers will be unable to gain access to accounts even if they are able to steal usernames and passwords.  

Twitter is expected to introduce the two-factor authentication system in phases, but the firm has not yet announced when the roll-out will begin.

Although the system will improve security, it is still unclear how it will work or what impact it will have on productivity in organisations where Twitter accounts are maintained by several staff members.

Google introduced a similar two-factor authentication system for its Gmail service in 2011, and  Dropbox announced it was to implement two-factor authentication in 2012.

Last week, Microsoft announced that it is to expand its two-factor authentication to all services as an option in the latest version of the Microsoft account logon service.

“With this release you can choose to protect your entire account with two-step verification, regardless of what service (or device) you are using with your Microsoft account,” said Eric Doerr, group programme manager in a blog post.

“It’s your choice whether you want to enable this, but for those of you that are looking for ways to add additional security to your account, we’ve worked hard to make set-up really easy,” he said.

Read more on Identity and access management products