Twitter Adds Two-Factor Authentication for Users

After a string of high-profile account compromises that included the Associated Press and Burger King, Twitter has added an additional (but optional) layer of authentication to help protect users from being the next big-name account that's compromised.

By adding a second factor of authentication (that is, something beyond the user's password), Twitter is able to provide a higher level of integrity to the authentication process by using the user's cell phone number to send an SMS with a one-time token. In this manner, a compromised password will not yield account access unless that same attacker is able to intercept the SMS or steal the user's phone. Clearly, this is a great step in the right direction and something other companies, such as Dropbox and Facebook, have done previously.

If you or your company wants to proactively protect a Twitter account, simply review the step-by-step directions posted by CNET. By enabling this extra step, the likelihood of an attacker compromising a Twitter account will generally plummet (save for some very sophisticated attackers).

As end users, the best way to get other companies to follow suit is to use these types of features when they are made available, to show that demand exists. Through implementation of two-factor authentication, the user once again has a fighting chance against password brute-forcing and general phishing attacks.
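The SMS one-time token flow described above, sketched as an added example (not Twitter's code): a correct password only triggers the SMS, and the session is granted only for a matching, unexpired, single-use code with a capped number of guesses. The class name, the `send_sms` callable, the 5-minute lifetime and the 3-guess limit are all assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

CODE_TTL = 300      # seconds a code stays valid (assumed value)
MAX_ATTEMPTS = 3    # wrong guesses allowed per code (assumed value)

class SmsSecondFactor:
    """Hypothetical server-side check: password first, then SMS one-time code."""

    def __init__(self, send_sms, clock=time.time):
        self.send_sms = send_sms   # callable(phone, text), stand-in for an SMS gateway
        self.clock = clock
        self.users = {}            # user -> (salt, password_hash, phone)
        self.pending = {}          # user -> [code, expires_at, attempts_left]

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def enroll(self, user, password, phone):
        salt = secrets.token_bytes(16)
        self.users[user] = (salt, self._hash(password, salt), phone)

    def start_login(self, user, password):
        """Step 1: a correct password sends the SMS but grants no session."""
        record = self.users.get(user)
        if record is None:
            return False
        salt, stored, phone = record
        if not hmac.compare_digest(stored, self._hash(password, salt)):
            return False
        code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, not random.random()
        self.pending[user] = [code, self.clock() + CODE_TTL, MAX_ATTEMPTS]
        self.send_sms(phone, f"Your login code is {code}")
        return True

    def finish_login(self, user, code):
        """Step 2: the code must match, be unexpired, and is consumed on use."""
        entry = self.pending.get(user)
        if entry is None:
            return False
        if self.clock() > entry[1]:
            del self.pending[user]                 # expired code is void
            return False
        if hmac.compare_digest(entry[0].encode(), code.encode()):
            del self.pending[user]                 # single use
            return True
        entry[2] -= 1                              # count the wrong guess
        if entry[2] == 0:
            del self.pending[user]                 # guess budget spent: code is void
        return False
```

The guess cap is what keeps a six-digit code from being brute-forced by someone who already holds the password; expiry and single use narrow the window for a code that was intercepted or phished.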

Topics: Information Security, Security Architecture Review
