In the wake of recent attacks on Twitter accounts, including that of the Associated Press on Wednesday, Twitter is planning to roll out two-factor authentication to make things a little more secure.
Digital Journal reported on Wednesday that AP's Twitter account had been hacked by the Syrian Electronic Army. The attackers tweeted that the White House had been bombed and that President Barack Obama had been injured, causing a panic on the stock exchange.
Of course, this is not the first time that an important Twitter account has been taken over and misused; others include that of CBS's 60 Minutes.
On Wednesday, Tony Busseri, CEO of Route 1, a cybersecurity firm with clients such as the US Department of Defence, told ABC News, "To address the breach and other ones that have happened, the number one thing that needs to happen is we need to move from single authentication to multiple factors."
"Without that, we continue to be at risk," he added. "The punch line: A username and password are not enough to confirm an individual's identity."
According to McAfee security expert Robert Siciliano, "Two factor is two ways of authenticating who you are."
"Two factor, generally, by definition is something you know and something that you have or you are."
Now it seems Twitter is running some internal tests to put more security in place, including two-factor authentication.
Two-factor, or multi-factor, authentication would require a user to enter their username and password as normal, but they must also prove their identity through another factor, for example inputting a one-time password sent to their mobile device.
Multi-factor authentication has been introduced by other companies in the past few years, including Amazon Web Services, Blizzard's Battle.Net, Dropbox, Facebook, Google, Yahoo and Valve's Steam. Microsoft reportedly also began rolling out two-factor authentication last week and issues one-time codes by text message. If a user is not connected to a mobile network, the code is generated by a smartphone app called Microsoft Authenticator.
In early February, Twitter reset over 250,000 passwords on noticing unusual access patterns. Apparently the company even posted a job vacancy recently for a security engineer to start developing a multi-factor authentication system.
Wired, however, points out one problem raised by two-factor authentication on Twitter: how to deliver one-time passwords to accounts that are accessed by multiple users, through a variety of applications.
Google has apparently got around this problem through the use of "application-specific passwords". This allows users to establish a network of trusted devices on accounts where two-factor is enabled. For example, an application protected by such a password gives the user ongoing access: when accessing Gmail through an email client like Outlook or Apple's Mail, the user is not asked for a new code each time.
Wired says that while two-step authentication is not the perfect solution, it will at least help to protect against the current hacking threat.