April 24, 2013
Twitter To Implement Two-Factor Authentication After Recent Hacks
Peter Suciu for redOrbit.com — Your Universe Online
On Monday a fake tweet was sent out from the Twitter account of the Associated Press (@AP) that there had been an attack on the White House and that President Obama was injured. This sent stocks tumbling.
The FBI and securities regulators are looking into the hacking incident.
This latest incident follows the hacking of the CBS Twitter accounts last Friday, where the so-called Syrian Electronic Army (SEA) began tweeting messages that contained malware-infected links, as well as statements critical of the United States government.
Twitter is now reportedly testing a two-factor authentication and will roll out this new level of security soon. The micro-blogging site is currently conducting internal tests before gradually introducing the new security measures site-wide.
There have been numerous calls for Twitter to devise and enforce a two-factor authentication as a way to prevent these hacking incidents.
“Alongside the buzz about Twitter becoming our primary source of news is the realization that not everything you read on the microblogging network can be trusted. Usually, this is because people are too quick to tweet without verifying facts, but sometimes it's because the person behind the tweets isn't who you think they are,” posted Mashable´s Lance Ulanoff on Monday following the hacking of the AP´s account.
Wired reported that Twitter will add that two-step — also known as two-factor or multifactor — authentication to help prevent a hacker from gaining access to an account. This two-factor authentication requires more than just a password alone. Whenever someone logs in from a new location it will be necessary to enter a password along with a randomly generated code that is set to the device.
This code could be sent via a text message or smartphone application, and sent to a previously registered device.
Google has already built in an option to apply two-factor authentication, which would require users to enter a username and password, but in addition have Google send the user a security code via text, voice call or mobile app, which would then have to be entered when prompted.
Twitter has apparently been looking to beef up its security and since February has had a job posting for a “Software Engineer — Product Security.”
“Do you like to code? Do you like security? Have we got the perfect position for you! Twitter´s Product Security team is hiring engineers to build a more secure platform and user experience. You´ll work alongside your fellow engineers to ship product features, assess and write security-critical code, or develop programmatic approaches to detecting and preventing vulnerabilities,” the job posting reads.
Until that time users may be best to not believe everything they read.
The tweet about the false White House attack, which caused stock markets to react quickly, occurred on traders´ screens just after 1p.m. The AP used other social media including its corporate blog, along with its Web site, to announce that the Twitter account had been hacked.
While the AP was quick to address the fake tweet, it is surprising that followers based their reactions on it alone — and didn´t look to other sources to confirm that there had been an attack. That would have been a two-factor verification.