+ Post New Thread
Results 1 to 2 of 2
IT News Thread, Twitter begins two-factor authentication roll out in Other News; Worth enabling if you want to keep your Twitter account secure. Source : Official Twitter Blog / Twitter Every day, ...
  1. #1


    Join Date
    Feb 2007
    Location
    51.405546, -0.510212
    Posts
    8,125
    Thank Post
    203
    Thanked 2,390 Times in 1,770 Posts
    Rep Power
    704

    Twitter begins two-factor authentication roll out

    Worth enabling if you want to keep your Twitter account secure.

    Source: Official Twitter Blog / Twitter

    Every day, a growing number of people log in to Twitter. Usually these login attempts come from the genuine account owners, but we occasionally hear from people whose accounts have been compromised by email phishing schemes or a breach of password data elsewhere on the web.

    Today we're introducing a new security feature to better protect your Twitter account: login verification.

    This is a form of two-factor authentication. When you sign in to twitter.com, thereís a second check to make sure itís really you. Youíll be asked to register a verified phone number and a confirmed email address.

  2. #2


    Join Date
    Feb 2007
    Location
    51.405546, -0.510212
    Posts
    8,125
    Thank Post
    203
    Thanked 2,390 Times in 1,770 Posts
    Rep Power
    704
    Why on earth did Twitter not use the popular RFC 6238 standard? If they had, you would be able to use Google's Authenticator app.

    Like Google's two-factor authentication, Twitter's login verification sends a code via SMS to be entered to confirm login. But unlike Google's system, the code will be sent every time users sign into Twitter through its website. This is the case even if it's from a computer or device that they've logged in from before. The phone has to be enrolled through Twitter's existing SMS service firstóyou have to text a code to Twitter to verify the phone first, which may not work with some phone carriers. The relationship between phones and accounts is also strictly one-to-one: if you have a shared business account, you're going to need to share a phone number too. If you have multiple accounts and only one phone number, then you can only secure a single account.

    There are some additional limitations to Twitter's scheme. Other mobile devices and applications (such as HootSuite and TweetDeck) will have to be configured individually as they're added, using a temporary password generated through Twitter's applications page to be authorized on first login. Unlike the RFC 6238 scheme used by Google, Facebook, and Microsoft, there's no way to use standard, generic authentication apps to generate time-based, one-time passwords. So if you can't get the SMS, you're out of luck. And unlike those systems, there's no facility to create persistent application-specific passwords. (Source)

SHARE:
+ Post New Thread

Similar Threads

  1. Remote access and Two Factor Authentication
    By gjames in forum Internet Related/Filtering/Firewall
    Replies: 6
    Last Post: 8th February 2010, 09:16 AM
  2. Two factor authentication
    By k-mart in forum Windows
    Replies: 0
    Last Post: 28th October 2006, 04:28 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •