How Twitter's Two-Step Authentication Will Safeguard Your Account
You may think your Twitter account is very secure, but hackers have methods of guessing even the most sophisticated passwords.
In light of a number of recent hacks, Twitter will roll out a two-step authentication process. In addition to providing a password, users will have to enter a randomly generated code sent to a device of their choice.
Wired reports that Twitter is currently testing this feature and will roll it out to the service's 200 million active users incrementally. Twitter has no solid release date for this feature yet, but it has been in development since at least February, and should be ready in the near future.
Twitter will join other popular tech companies — such as Google, Facebook, Yahoo and Apple — that have already implemented this process.
Two-step authentication is by no means foolproof, but it necessitates one extra step that can thwart all but the most dedicated hackers. Each time a user wants to log into a service, he or she must first enter a password, and then wait for an extra verification code, usually sent via a text message or a smartphone app.
The sooner the service launches, the better. Twitter has been at the ignominious center of a number of recent online scandals. International irritants in the Syrian Electronic Army recently hacked Twitter feeds for both CBS and the Associated Press, and spewed everything from alarmist rhetoric to links containing harmful malware.
After the hackers used the AP's account to tweet about a made-up attack on the White House and President Barack Obama, the stock market took a brief dive.
If these organizations can be hacked, there's a good chance that everyday users can, too. Of course, everyday users are much less tempting targets. [See also: 10 Tips for Staying Safe on Twitter]
Two-step verification brings its own share of potential difficulties. Although individual users will have little problem with it (save for those who have limited texting plans or no smartphone access), two-step verification may pose larger challenges for Twitter accounts like CBS and the Associated Press, which often have multiple operators tweeting from around the world. Tying a verification code to a single phone number or mobile device will render their accounts almost useless.
Furthermore, two-step verification can be a very effective way to lock legitimate users out of their own accounts after they are hacked. If a hacker compromises a Twitter account and then attaches a two-step verification code to it, regaining control of the account can be almost impossible.
The best defense on Twitter, for now, is still to have a strong, hard-to-guess password (and if your password is something like "12345," you're out of luck).
When two-step verification launches, consider signing up for that as well. The last thing you want to do is inundate your followers with spam or malware.