Twitter Gives Two-Factor Security a Second Shot
For the second time in as many months, Twitter is trying to secure itself and its users with a new log-in verification system.Twitter is aiming to improve security for its users with an improved two-factor log-in verification system that goes beyond the SMS-based system that the company first deployed two months ago. Security experts eWeek spoke with have mixed opinions on whether Twitter's latest attempt at user security will really make a difference. Two-factor authentication refers to a site's or service's requirements for a second password or token in order to gain access. The idea is that a single username and password combination can potentially be breached, but adding in the second factor for authentication, increases the complexity and reduces the risk. Typically, two-factor authentication systems use a randomly generated password that is time-based, in order to make the log-in more secure. Twitter first implemented two-factor authentication in May, after the accounts of a number of high-profile media users were exploited. The initial May implementation relied on users receiving a Short Message Service (SMS) text on their smartphones in order to provide the two-factor log-in verification. Now, Twitter is enabling both Apple iOS and Google Android smartphone users to leverage their existing Twitter apps for the two-factor log-in verification process. With the new system, Twitter users enroll their smartphone apps in the log-in verification process with a simple settings box checkmark. Once that's done, whenever a browser-based log-in request comes in, the mobile Twitter app becomes the control point from which the user can approve access.
If the users lose or forget their phones, Twitter also now has a backup log-in verification code, that users are prompted to print and store, that can be used as well.