Twitter says it is bringing in an optional two-step login process for its users to improve the security of each account, following recent high-profile breaches within the social network.
The news comes after a number of high-profile Twitter accounts were illegitimately accessed, including those of major news organisations such as the Financial Times and the Associated Press (AP), the latter causing widespread panic when hackers sent a fake news tweet claiming US President Barack Obama had been injured. This followed an attack against Twitter itself in February, which led to 250,000 users having their passwords stolen.
Mr. Jim O'Leary (product security head of Twitter) explained the new two-factor authentication system thusly:
A message containing a verification code would then be sent to the account holder's mobile phone that can be used to log in. However, he also reminded Twitter users of the importance of strong passwords:"You'll need a confirmed email address and a verified phone number. After a quick test to confirm that your phone can receive messages from Twitter, you're ready to go."
"Of course, even with this new security option turned on, it's still important for you to use a strong password and follow the rest of our advice for keeping your account secure."
However, Kim Dotcom - owner of Mega.co.nz file sharing site, itself the spiritual successor of the controversial former file upload website MegaUpload - is threatening a patent lawsuit over the Social Network's newfound use of two-factor authentication. Extending the threat to Google, Facebook, Twitter, Citibank and other companies that have implemented the system, he claims the use of mobile devices to offer a second layer of security for website logins infringes a patent describing an SMS-based two-step-authentication process he filed with the US Patent Office in 1998 and was granted in 2000; with Dotcom claiming registrations also exist in twelve other countries.
"I never sued them. I believe in sharing knowledge & ideas for the good of society. But I might sue them now cause of what the US did to me."
The BBC reports that he is not alone in these claims, however:
A New Jersey-based firm called Strikeforce is currently suing Microsoft over its use of two-factor authentication tech based on a patent it filed in 2004.
And another British company, SecurEnvoy, recently announced it had been granted patents for a "business grade" SMS-based two-factor authentication process.
However, let's look beyond the arguments and focus on the security. Will you be turning on two-factor authentication for your Twitter account?
[Via Technically Motivated]
