Twitter is now offering two-factor authentication, a feature that could help prevent embarrassing security breaches.
Twitter users interested in activating two-factor authentication will need to head over to their account settings page and click the checkbox beside “Require a verification code when I sign in”:
Twitter will ask that the user add a phone number to their Twitter account; once this is done, it’s worth taking a few moments to access the “Mobile” tab on the account settings page (visible in the left-side bar) and adjust all the text-notification settings left on by default—that is, unless the user enjoys their phone buzzing at 2 AM with alerts of new followers:
After activating “Require a verification code when I sign in,” Twitter will send the user a test message (“Twitter can send verification codes to this device!”). From that point forward, a six-digit code (sent to that phone via SMS) will be needed in order to sign in.
“With login verification enabled, your existing applications will continue to work without disruption,” Jim O’Leary, a member of Twitter’s Product Security Team, wrote in a May 22 posting on the official Twitter blog. “If you need to sign in to your Twitter account on other devices or apps, visit your applications page to generate a temporary password to log in and authorize that application.”
Other social networks and online services such as Facebook and Google already have two-factor authentication in place. In the wake of some high-profile hacks, it seemed inevitable that Twitter would adopt the feature as well. Back in April, for example, hackers allegedly associated with the Syrian Electronic Army hacked into the Associated Press Twitter account and posted a false message about a White House bombing, which led to a brief plunge in the stock market; combined with some other high-profile victims, including The Onion, the pressure must have been intense for Twitter executives to do something to bolster security.
But for businesses that rely on Twitter to interact with customers, two-factor authentication may not be enough to fully secure an account. Good security hygiene also involves limiting the total number of people with access to a corporate Twitter account, as well as logging Twitter access. Locking down third-party apps for posting Tweets can also help keep everything watertight.