Twitter Is Testing Two-Factor Authentication Internally, And It Can’t Come Soon Enough

In what was a mind-boggling series of events in real time, one Associated Press hack and a false tweet about the White House sent the stock market into a momentary free fall. Twitter hopes to stop intrusions like that in the future by introducing a two-factor authentication process, Wired has learned. When this offering will be available to users is unknown.

The company has been working on this at least since we talked to them in November, and the effort became more apparent when it sought to hire engineers with specific experience in login security. Why has it taken so long? That’s a question that only Twitter can answer.

Google rolled out its two-factor authentication offering in 2011, but Microsoft only just introduced its own last week. Making additional authentication steps mandatory for all users is a non-starter, since any friction standing between a social service and engagement would be a nightmare.

Having said that, this type of authentication is something that every verified account on Twitter should have had long ago. When Twitter verifies an account, it’s saying that it has gone through some type of procedure to confirm that the person or entity is who they say they are. Keeping that integrity safe is essential to the entire concept.

In Twitter’s defense, two-factor authentication for accounts that might be used by multiple parties in multiple locations, such as in the AP’s case, could be a hard problem to solve. In Google’s two-step process, as well as Facebook’s, you’re sent a text message with a code to enter when logging into your account from an unauthenticated device.


How something like that will work for an account managed by multiple people is a head-scratcher.

Until two-factor authentication rolls out, it’s smart to be vigilant when it comes to clicking on unknown links, and it’s always a good idea to change your password from time to time. Word of advice, though: Don’t make your password something like “APm@rketing.” That could get hacked at any time, no matter who you are, but especially if you’re the Associated Press.

[Photo credit: Flickr]