Twitter passwords are just too easy to crack. But according to Wired, the platform is finally getting its act together and working on a sorely-needed two-step authentication system.
We’ve even taken an inside look at the flourishing black market for hacked Twitter accounts, and it’s clear that much of this activity is being controlled by inexperienced hackers who are willing to compromise and takeover an account for less than $100, in most cases.
While hacking Twitter accounts isn’t terrible difficult, the consequences are very real. Recently, we witnessed the effects a falsified tweet can have in the real world. The Associated Press’ Twitter account was surreptitiously hacked and in turn tweeted out something that would make you jump in your seat. At least it made investors very, very nervous. The @AP account, which was temporarily suspended (but is now back up) tweeted, “Breaking: Two Explosions in the White House and Barack Obama is injured.” The stock market took a dive in response to the hoax and a hacker group calling itself the Syrian Electronic Army claimed responsibility.
That White House hoax is just the latest public hack since NPR’s Twitter accounts were compromised, along with CBS’s account. And if it’s of any concern, North Korea’s Twitter account was recently hacked by Anonymous.
So what is Twitter to do? When pressed in the past about its security vulnerabilities, it’s done little more than throw around generic PR statements talking about how security is a priority at Twitter.
Ironically for a company that was mobile first, you’d think that two-factor authentication (which sends a code to a mobile device when logging in using a new device or a device in a new country) would be a feature they would have implemented from the get-go. Thankfully, it should be on the way. There’s no release date for the feature, but we’ve reached out to Twitter for comment and will update this space with the company’s reply.
The one issue though that poses a problem when it comes to two-step authentication is when there are multiple managers of one account. One account is tied to one mobile phone number so in the case of a two-step authentication process, one person would have to receive the SMS from Twitter and relay that code to the person trying to access the account from a different device. That could be one solution, but we’ll leave it up to Twitter’s engineers to solve that problem more efficiently.