Twitter eyes two factor authentication

By on
Twitter eyes two factor authentication

But adoption might lag.

Twitter has announced plans to implement two-factor authentication as an option to help users better protect their accounts.

A job listing posted by Twitter this week claimed the company is seeking software engineers to develop "user-facing security features, such as multi-factor authentication and fraudulent login detection".

The company has not commented on its plans.

Twitter uses the OAuth protocol via applications for authentication and secure socket layer (SSL) encryption to pass user credentials from web browsers and other Twitter clients.

Security researcher Robin Wood said he welcomed the extra security that two-factor authentication affords.

“Celebrities, politicians and companies are regularly getting their Twitter accounts taken over, most of the time this is done by simple password guessing or finding a password on another system which is reused on Twitter,” he said.

“The second factor would remove both of these vulnerabilities as even if the attacker got the password they wouldn't have the second factor. It won't completely remove the ability for a determined attacker to get in but it will stop a large number of the attacks.”

But two factor could become problematic in the long term, according to 451 Enterprise Security Group senior analyst Javvad Malik.

“It will only really be useful if you force users to sign in every time they want to use the application, possibly also sign them out after a certain period of inactivity," Malik said.

"Judging by how people actually use Twitter, I think this will become an overly laborious process that would cause more problems in the long term."

“In my opinion, it's not a Twitter problem; it ties into the wider internet authentication problem we're witnessing. How do you securely but conveniently authenticate users and how do web developers securely design apps so their password databases can't be breached? OAuth type technology is pretty good but much like mobile phone apps, users don't really pay attention to what permissions that app is asking for, they just want to fling birds across the screen.”

This article originally appeared at scmagazineuk.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, UK edition
Tags:
security twitter
In Partnership With

Most Read Articles

Australia gets world-first encryption busting laws

Australia gets world-first encryption busting laws
NAB's public cloud expansion ran without internal IT staff

NAB's public cloud expansion ran without internal IT staff
Ban Chrome as default browser, limit Facebook user data harvesting: ACCC crackdown

Ban Chrome as default browser, limit Facebook user data harvesting: ACCC crackdown
NBN Co may have to pay users stuck in congested wireless cells

NBN Co may have to pay users stuck in congested wireless cells
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

Automate and secure IOT for Business
Automate and secure IOT for Business
Data Science and AI Solutions for Cybersecurity
Data Science and AI Solutions for Cybersecurity
Intro to AI for Security Professionals
Intro to AI for Security Professionals
Digital Transformation: Hope, or Hype?
Digital Transformation: Hope, or Hype?
How to choose a trusted IT provider
How to choose a trusted IT provider

Events

Log In

Username / Email:
Password:
  |  Forgot your password?