Following hack attack, Twitter adopts 2-step authentication

Following a hacker attack that affected some 250,000 of its users, Twitter is planning to adopt a two-factor authentication option that makes it harder for hackers to hijack accounts, even if they manage to acquire the passwords. Dubbed "2FA", the system works like Google's Gmail where a user will have to enter a short number code sent to his or her phone even after he or she enters the correct password, according to a report on UK's The Guardian. Aside from presenting a new authentication challenge, the system also warns the real owner of the account of unusual activity. "This is a splendid idea – I'm looking forward to it. It's something that we've wanted for some time. We've often said we would be prepared to pay for it – Twitter could monetize it by offering it to corporations and branded accounts. It would be pretty attractive," said Graham Cluley, senior technology consultant at security company Sophos. The Guardian also noted a job posting by Twitter for a "software engineer – product security", whose tasks include to "design and develop user-facing security features, such as multifactor authentication and fraudulent login detection." Other than the two-factor authentication, Twitter added SSL (Secure Sockets Layer) connectivity to its website and third-party apps in August 2011 to make sure users' credentials could not be captured via open Wi-Fi networks. The system particularly kicks in when there is an attempt to log in to the account from a new device, app or unfamiliar location. For now, there is no indication that Twitter would charge for two-factor authentication, The Guardian said. — DVM, GMA News