Twitter has just posted an update to its blog detailing new security updates rolling out via iOS and Android mobile app updates today, which include the ability to use login verification and approve login requests direct from your mobile device. Twitter announced SMS-based login verification (a form of two-factor authentication) in May, but now you don’t need to supply a phone number as push notifications and app alerts can do everything you need.
This means that countries that were previously left out of the SMS verification program due to geographic limits can now step up to two-factor, which means everyone with an active connection and access to the official Twitter app on Android or iOS can participate. When a login is attempted and the option is enabled by a user, they’ll get a push notification alerting them to the login attempt and asking them to approve it. To prevent being locked out, you also get a backup code in the application for you to record elsewhere in case your phone is permanently offline.
The app also provides more context around the request, giving you the type of browser it was made from and a general location request, so it’s easier to know what’s legit and what isn’t. Chances are you won’t be asked to grant legitimate access from Nairobi if you’re in the U.S., for example, or vice versa. Twitter faced a number of high-profile phishing attacks earlier this year, including one of the official Associated Press account that had considerable financial impact.
Anyone who wants to enable the verification can go to the “Me” tab, access Settings and then Security, then turn on the Login verification option.
Other new features include improved search via social context indicators that provide more info on people who come up in your search suggestions, as well as a photo gallery in search which displays returned results in a mosaic layout giving you more access to more images at once.
The updates in general resonate with Twitter’s progress of bringing more desktop features to its mobile platforms, and should go a long way to helping its users secure themselves against phishing and other types of malicious attacks.