Published May 22, 2013
Reacting to a string of recent high-profile cyber heists, Twitter took a page from Google's (GOOG) playbook on Wednesday and announced two-step password verification, an effort it hopes will add an extra layer of support and bring down the number of account takeovers.
The move is in response to a series of market-moving attacks this year, including a takeover of the Associated Press’s Twitter account last month that sent the stock market spiraling 143 points on false reports of a bombing at the White House.
“Every day, a growing number of people log in to Twitter. Usually these login attempts come from the genuine account owners, but we occasionally hear from people whose accounts have been compromised by email phishing schemes or a breach of password data elsewhere on the web,” Twitter said in a blog post.
The new password mechanism will allow users to enact a second check beyond just their traditional password to better ensure the person logging on is who they say they are. Similar to Google’s two-step system, a six-digit code will be sent to the user’s phone via SMS as soon as they prompt the first login verification. That code, which is received on the mobile device almost instantaneously, will then be required to finish logging in to the Twitter account.
The extra protection makes it more difficult for hackers to gain access to an account. Oftentimes, cyber evildoers get past traditional passwords through phishing schemes that place spyware on a computer and swipe usernames and passwords, or by simply guessing the password using so-called “dictionary attacks” that use a cluster of computers to guess various combinations of passwords at a high rate.
The security feature can be enabled via the Twitter user’s account settings page. A confirmation email will then be sent to the account’s email address and a quick test will be run to ensure the phone number provided is accurate and the SMS is received.
Twitter warns, however, that even with this security option, it is still important to use a strong password. The length and complexity of passwords help exponentially in protecting against cyber heists, as does ensuring that passwords vary across all accounts.