Twitter eyes two factor authentication

By

But adoption might lag.

Twitter has announced plans to implement two-factor authentication as an option to help users better protect their accounts.

Twitter eyes two factor authentication

A job listing posted by Twitter this week claimed the company is seeking software engineers to develop "user-facing security features, such as multi-factor authentication and fraudulent login detection".

The company has not commented on its plans.

Twitter uses the OAuth protocol via applications for authentication and secure socket layer (SSL) encryption to pass user credentials from web browsers and other Twitter clients.

Security researcher Robin Wood said he welcomed the extra security that two-factor authentication affords.

“Celebrities, politicians and companies are regularly getting their Twitter accounts taken over, most of the time this is done by simple password guessing or finding a password on another system which is reused on Twitter,” he said.

“The second factor would remove both of these vulnerabilities as even if the attacker got the password they wouldn't have the second factor. It won't completely remove the ability for a determined attacker to get in but it will stop a large number of the attacks.”

But two factor could become problematic in the long term, according to 451 Enterprise Security Group senior analyst Javvad Malik.

“It will only really be useful if you force users to sign in every time they want to use the application, possibly also sign them out after a certain period of inactivity," Malik said.

"Judging by how people actually use Twitter, I think this will become an overly laborious process that would cause more problems in the long term."

“In my opinion, it's not a Twitter problem; it ties into the wider internet authentication problem we're witnessing. How do you securely but conveniently authenticate users and how do web developers securely design apps so their password databases can't be breached? OAuth type technology is pretty good but much like mobile phone apps, users don't really pay attention to what permissions that app is asking for, they just want to fling birds across the screen.”

This article originally appeared at scmagazineuk.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, UK edition
Tags:
securitytwitter

Sponsored Whitepapers

Wasabi Reveals Hidden Costs and Cloud Storage Shifts in ANZ for 2025
Wasabi Reveals Hidden Costs and Cloud Storage Shifts in ANZ for 2025
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Protect APIs. Protect Your Business.
Protect APIs. Protect Your Business.
KnowBe4 Benchmark Report: Reducing Human Risk & Phishing Vulnerability in ANZ
KnowBe4 Benchmark Report: Reducing Human Risk & Phishing Vulnerability in ANZ
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt

Events

Most Read Articles

Qantas facing 'significant' data theft after cyber attack

Qantas facing 'significant' data theft after cyber attack
Home Affairs officer accessed data on "friends and associates"

Home Affairs officer accessed data on "friends and associates"
International Criminal Court hit by cyber attack

International Criminal Court hit by cyber attack
Ex-student charged over Western Sydney University cyberattacks

Ex-student charged over Western Sydney University cyberattacks
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?