We Asked and We Received: Twitter Gets Two-Factor Authentication
Twitter was atwitter yesterday with news of a big change to the site’s security protocols: users can now choose to enable two-factor authentication. That’s big news for everyone, even if you don’t use the social media site. After all, remember that fake tweet by a hacker that caused the stock market to briefly nosedive?
The new feature, which must be enabled by individual users, requires two steps to log in. First, you enter your password (as always). Second, the system sends you a text message with a six-digit code that must be entered to get access to the account. This raises two very important questions: what about organizations, and what about third-party tweeting apps?
Big Organizations
The big Twitter hacks that caused national panic (or, when The Onion was hacked, Internet hilarity) weren't of individual users. If your account gets hacked, you'll most likely just tweet spam or viruses. That's bad, but not stock-market-collapse-bad. When Syrian hackers tweeted a false alert about an explosion killing the president on the Associated Press' Twitter account, it had a much more significant impact.
Of course, the phone-text trick works great for individual users. It only adds a few seconds to the login process and instantly makes your account much more secure. But what about organizations? Do you assign your social media chief's phone number to the account? What if they are on vacation and someone else needs to log in?
Third Party Apps
Many people use third-party apps to read, write, and schedule their tweets, as once you have more than a handful of people in your network, your tweet feed can get a bit overwhelming. For these apps, you have to visit the Twitter applications page, which will generate a temporary password to use when logging in to the app.
The Solution ... and a New Problem?
Perhaps this will be the solution for organizations. Manage your tweets through an outside application and then, if the social media guru is in Hawaii, you can get a temporary password to use on the app. Then again, what's to stop a hacker who cracks your password (much like they did to the AP) from just using the temporary password feature to send tweets from your account through third-party apps?
Ah, forget it. You'd probably be better off hiring this guy to guard your account.