Twitter Gives Two-Factor Security a Second Shot
Unlike Google Authenticator, Twitter's new log-in verification, creates a dependency on the data capability of the smartphone, Qualys' Kandek said, adding that while Google Authenticator locally generates its password codes, Twitter receives information over the Web. Google Authenticator is also an extensible platform that multiple other services use. "I now have Google authenticator for my WordPress, Lastpass and my Linux machine at home beyond my normal Gmail accounts," Kandek said. Twitter's log-in verification is a little easier to use, Ken Pickering, director of engineering at CORE Security, said. With Twitter, the log-in verification is within the application itself, whereas Google still requires users to switch back and forth between apps to see the second factor. The extra step with Google is potentially a hurdle in getting users to adopt two-factor authentication, Pickering told eWEEK."The problem remains that users are looking to use their mobile devices as the main platform, rather than an additional factor, so usability remains a challenge," Cowper said. "All of these solutions aren't designed for the mobile first experience." Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
Jamie Cowper, senior director at Nok Nok Labs, told eWeek that although the underlying technology is different in Twitter's new log-in verification, the end-user experience is similar to Google Authenticator.