Twitter eyes two factor authentication

By on
Twitter eyes two factor authentication

But adoption might lag.

Twitter has announced plans to implement two-factor authentication as an option to help users better protect their accounts.

A job listing posted by Twitter this week claimed the company is seeking software engineers to develop "user-facing security features, such as multi-factor authentication and fraudulent login detection".

The company has not commented on its plans.

Twitter uses the OAuth protocol via applications for authentication and secure socket layer (SSL) encryption to pass user credentials from web browsers and other Twitter clients.

Security researcher Robin Wood said he welcomed the extra security that two-factor authentication affords.

“Celebrities, politicians and companies are regularly getting their Twitter accounts taken over, most of the time this is done by simple password guessing or finding a password on another system which is reused on Twitter,” he said.

“The second factor would remove both of these vulnerabilities as even if the attacker got the password they wouldn't have the second factor. It won't completely remove the ability for a determined attacker to get in but it will stop a large number of the attacks.”

But two factor could become problematic in the long term, according to 451 Enterprise Security Group senior analyst Javvad Malik.

“It will only really be useful if you force users to sign in every time they want to use the application, possibly also sign them out after a certain period of inactivity," Malik said.

"Judging by how people actually use Twitter, I think this will become an overly laborious process that would cause more problems in the long term."

“In my opinion, it's not a Twitter problem; it ties into the wider internet authentication problem we're witnessing. How do you securely but conveniently authenticate users and how do web developers securely design apps so their password databases can't be breached? OAuth type technology is pretty good but much like mobile phone apps, users don't really pay attention to what permissions that app is asking for, they just want to fling birds across the screen.”

This article originally appeared at scmagazineuk.com

Copyright © SC Magazine, UK edition
Tags:
security twitter

Most Read Articles

Telstra to launch low-cost mobile brand

Telstra to launch low-cost mobile brand
NBN chief tells Vodafone to accept prices or walk

NBN chief tells Vodafone to accept prices or walk
Westpac sees big early savings from cloud shift

Westpac sees big early savings from cloud shift
Microsoft to launch Azure in Canberra in push for sensitive govt data

Microsoft to launch Azure in Canberra in push for sensitive govt data
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

Optimising Enterprise Data Centres for the Cloud
Optimising Enterprise Data Centres for the Cloud
Growing companies have a growing interest in technology
Growing companies have a growing interest in technology
RSA NetWitness® Endpoint. Respond 3X Faster to Threats
RSA NetWitness® Endpoint. Respond 3X Faster to Threats
Building platforms for future health and education
Building platforms for future health and education
Breach Level Index Report
Breach Level Index Report

Events

Log In

Username:
Password:
|  Forgot your password?