After Months of Hacks, Twitter Launches Heightened Security Features
“Every day, a growing number of people log in to Twitter. Usually these login attempts come from the genuine account owners, but we occasionally hear from people whose accounts have been compromised by email phishing schemes or a breach of password data elsewhere on the web,” product security team member Jim O’Leary wrote in a blog post.
“Today we’re introducing a new security feature to better protect your Twitter account: login verification,” he said.
The new feature comes in the wake of a string of widely publicized hacks of visible Twitter accounts, including those owned by news outlets like the Financial Times, the Guardian and others. Most recently, when the Associated Press account was hacked, a single alarmist tweet was enough to send U.S. stock markets into a tailspin, plunging the Dow by upward of 150 points in a matter of minutes.
For months, many have called for Twitter to introduce such new security features to remedy the ongoing hacks.
The process is much like other two-factor authentication services across the Web. When a user tries to log in to his or her profile, they’re asked to provide a cellphone number. Twitter sends an SMS message to that phone, and you’ll be asked to enter the code into your browser to continue the login. The new feature is optional, and must be turned on inside the settings menu.
Basically, it’s a way of locally identifying that you are, indeed, who you say you are. If someone is trying to hack into your Twitter account from another location, odds are they don’t have your cellphone as well to snag the verifiable code. It’s a service that other major Internet companies — like Facebook and Google — have provided for quite a while.
While added security measures help, they also potentially complicate the gears for folks who share Twitter accounts — namely, those run by brands and agencies, whose social media presences are managed by multiple people in different places.
This is likely why Twitter said in a recent email to publishers that only one computer should be designated for tweeting; it’s less secure to spread the account access across multiple systems.
Still, brands and publishers can choose not to turn on the feature — they’ll just have to practice other safe account measures like good password hygiene and limiting the number of people able to use the account.
Frankly, even if Twitter’s new feature is optional and far from a cure-all, it’s about time it showed up.