Twitter eyes two factor authentication

By on
Twitter eyes two factor authentication

But adoption might lag.

Twitter has announced plans to implement two-factor authentication as an option to help users better protect their accounts.

A job listing posted by Twitter this week claimed the company is seeking software engineers to develop "user-facing security features, such as multi-factor authentication and fraudulent login detection".

The company has not commented on its plans.

Twitter uses the OAuth protocol via applications for authentication and secure socket layer (SSL) encryption to pass user credentials from web browsers and other Twitter clients.

Security researcher Robin Wood said he welcomed the extra security that two-factor authentication affords.

“Celebrities, politicians and companies are regularly getting their Twitter accounts taken over, most of the time this is done by simple password guessing or finding a password on another system which is reused on Twitter,” he said.

“The second factor would remove both of these vulnerabilities as even if the attacker got the password they wouldn't have the second factor. It won't completely remove the ability for a determined attacker to get in but it will stop a large number of the attacks.”

But two factor could become problematic in the long term, according to 451 Enterprise Security Group senior analyst Javvad Malik.

“It will only really be useful if you force users to sign in every time they want to use the application, possibly also sign them out after a certain period of inactivity," Malik said.

"Judging by how people actually use Twitter, I think this will become an overly laborious process that would cause more problems in the long term."

“In my opinion, it's not a Twitter problem; it ties into the wider internet authentication problem we're witnessing. How do you securely but conveniently authenticate users and how do web developers securely design apps so their password databases can't be breached? OAuth type technology is pretty good but much like mobile phone apps, users don't really pay attention to what permissions that app is asking for, they just want to fling birds across the screen.”

This article originally appeared at scmagazineuk.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, UK edition
Tags:
security twitter
In Partnership With

Most Read Articles

NSW puts digital driver's licence on a blockchain

NSW puts digital driver's licence on a blockchain
ANZ breaks out LEGO to bust staff silos

ANZ breaks out LEGO to bust staff silos
UNSW researchers find FTTP NBN worth the extra billions

UNSW researchers find FTTP NBN worth the extra billions
NSW transit officers can't check credit card tap-ons

NSW transit officers can't check credit card tap-ons
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

How to choose a trusted IT provider
How to choose a trusted IT provider
Why Business Process Modelling Matters
Why Business Process Modelling Matters
Report: ANZ IT Decision Makers - Top Priorities for Endpoint Security 2018
Report: ANZ IT Decision Makers - Top Priorities for Endpoint Security 2018
Managed Security Service Providers for Dummies
Managed Security Service Providers for Dummies
The Cost of Cloud Expertise report
The Cost of Cloud Expertise report

Events

Log In

Username / Email:
Password:
  |  Forgot your password?