If there’s one social network that we’d have to put at the top of the list for its vulnerabilities, it would be Twitter. Fortunately, and after an anticipated wait, Twitter is rolling out a two-factor authentication security feature. Better late than never.
Lately Twitter has been in the headlines for all the wrong reasons. Twitter accounts have been under attack by the Syrian Electronic Army – and this included a targeted hack on The Associated Press that gave the U.S. economy a scare. One positive side effect of these security issues is that Twitter has likely been rushing to address vulnerabilities by getting two-factor authentication out to users as soon as possible.
The two-factor authentication system that Twitter is rolling out (the exact date is unclear) is the same system Wired found Twitter to be working on, as we reported last month. From a user perspective, the system is rather simple: First you’ll have to opt in. Navigate to the gear icon at the top of the page on your account, and click on “Settings” from the drop-down menu. The account settings page will open up, and all you have to do from there is scroll down to the bottom of the page, where you’ll find the “Account security” tab. Check the box next to “Require a verification code when I sign in.”
Once that’s done, every single time you sign in to Twitter you’ll be prompted to type a six-digit code that’s sent to your phone via SMS.
Considering how easy it is to hack Twitter accounts – a common hobby among bored teens – two-factor authentication (despite the hassle) will be a bonus to individual users, and a necessity to corporate, brand, and mass media accounts.
However, the new feature doesn’t come without drawbacks, which are more significant for business-oriented accounts. Since each account will be tied to one phone number, logging in could be a hassle if multiple people are managing or using the account. We reached out to Twitter’s spokespeople about this dilemma, but we haven’t heard back on whether there’s a solution or workaround yet.
Further complicating matters is the fact that Twitter admits that since the authentication works via SMS, not every carrier may support these types of text messages.
Still, two-factor authentication and the backend server-side framework to support these security features are a start for a company that’s stayed mum about its sketchy security issues in the past. And it’s comforting to know that Twitter now plans on “delivering more account security enhancements in the future.”
Check out the video below to see how the new security feature works.