At Last Twitter Beefs Up Security With Two-Factor Verification
After high-profile hacks, Twitter has added an extra security layer.
May 22, 2013 — -- Think back over the past few months to more than a few high-profile Twitter hacks.
Burger King's account was hacked to look like McDonald's. Then there was Jeep's account, which sent out plenty of nonbrand-friendly language. And finally, and more seriously, the the Associated Press' account was taken over by hackers who told the media outlet's millions of followers that bombs had exploded at the White House.
Starting today, though, Twitter users will have an added security feature intended to help prevent those types of hacks. The social network has rolled out a log in, or two-step, verification process, which requires users to confirm their identity with two pieces of log in information.
RELATED: 10 Tips for Staying Safe Online and on Social Networks
When you enable the feature through the settings area on Twitter.com, you'll be asked to input your phone number. Going forward when you try to log in to Twitter, you will enter your regular password, and then Twitter will send you a text message with a verification code. When you get that text message with that code, you will then have to input that string of numbers and letters to get in. The idea is that there are two pieces of information to confirm that you are who you say you are.
"Two factor is two ways of authenticating who you are," McAfee security expert Robert Siciliano told ABC News. "Two factor, generally, by definition is something you know and something that you have or you are." In this case, you know your password, and you have your smartphone.
The new feature will be available today to all Twitter users, although it does require a working cell phone to get it going. Also, it is only really useful to those who run independent accounts, not shared accounts. For example, the AP or ABC News account is run by multiple users, who don't share one cellphone.
Twitter says it is also working on additional features.
"However, much of the server-side engineering work required to ship this feature has cleared the way for us to deliver more account-security enhancements in the future. Stay tuned," Jim O'Leary of Twitter's product security team said in a blog post.
But just this step has given many users and security experts what they wanted.
"This is what they should have been doing years ago," Siciliano said. "Now that Twitter has become the de facto social network of major news networks and law enforcement agencies to get the word out, this was required."