After a series of nasty hacks of high-profile accounts, Twitter just turned on a feature that’s becoming the new normal in Web application security: two-factor authentication.
As the video above shows, Twitter users can now sign up to have a unique code sent to their phone by text message whenever they log in from a new computer. That ensures that any hacker who tries to steal your password, say with a phishing attack or keylogging spyware, would also have to compromise your phone, creating a serious security barrier.
“We occasionally hear from people whose accounts have been compromised by email phishing schemes or a breach of password data elsewhere on the web,” reads a blog post from Twitter announcing the scheme. “Today we’re introducing a new security feature to better protect your Twitter account: login verification.”
Twitter follows in the footsteps of Google, Apple, Microsoft and Facebook, as well as many major banks, who have all previously offered the two-factor security measure. The new safeguard may be a response to a very public string of Twitter account hacks that have hit news organizations in recent weeks ranging from the Associated Press to the Onion. A fake tweet from the AP’s hijacked account last month declared that explosions at the White House had left the President injured, sending the Dow Jones Industrial Average tumbling more than a hundred points before it was debunked. (Forbes reporter Kashmir Hill was one voice at the time calling for the two-factor fix.)
Typing in a code sent to your phone may seem like a bit of extra work every time you want to log into your Twitter account. But the extra step only occurs when logging in from a new machine. In most cases users will never notice the new setting. And it’s a small price to pay to prevent embarrassing or false information from being broadcast to your followers.
The individually-targeted account hacks weren’t the only security breaches Twitter has faced in recent months. It was also hit with an attack that compromised its servers holding information about 250,000 of its earliest and most active users. But the microblogging service has been taking big steps towards greater security in recent years, hiring NSA-trained security researcher Charlie Miller to lead its product security and acquiring security firms like cryptography-focused Whisper Systems and anti-malware firm Dasient.
Twitter’s blog post announcing the new feature hints that more security measures may be coming. “Much of the server-side engineering work required to ship this feature has cleared the way for us to deliver more account security enhancements in the future,” it reads. “Stay tuned.”
Turn on Twitter’s two-factor authentication here.
Post From: forbes