Twitter tightens security after hacks

Two-factor authentication follows spate of high-profile security breaches

Criticism intensified in April after a fake tweet about a non-existent White House explosion sent from the Associated Press account briefly roiled US financial markets.

Criticism intensified in April after a fake tweet about a non-existent White House explosion sent from the Associated Press account briefly roiled US financial markets.

 

Twitter has boosted security for its users, following a spate of attacks on accounts of prominent media outlets including the Associated Press, the Financial Times and The Onion.

The micro blogging site, which transmits some 400 million messages a day, said yesterday it had begun rolling out an optional “login verification” service to thwart hackers seeking to hijack accounts with stolen passwords.

Security experts welcomed the move as a positive step toward securing a service that is widely used by consumers, political activists, advertisers and news outlets around the globe to quickly exchange information.

Twitter had come under fire over the past year for failing to offer such an option, which is known as two-factor authentication, amid a surge in breaches of high-profile accounts. That criticism intensified in April after a fake tweet about a non-existent White House explosion sent from the Associated Press account briefly roiled US financial markets.

“It’s been a long time coming,” said Jeremiah Grossman, chief technology officer of White Hat Security. “It’s not going to solve all problem, but it’s a step in the right direction.”

When users log in to Twitter via a web browser, they must confirm their identity by entering a six-digit code that Twitter delivers to their smartphones. To access the service through applications for PCs and smartphones, users must use an automatically generated temporary password for each of the programs.

Twitter described the offering in a blog post, reminding users that they still need to use strong passwords to keep accounts secure.

The approach is similar to security tools previously introduced by other Internet services from companies including Facebook Inc, Google Inc and Microsoft Corp .

“This would have made the AP hack and other hacks against Twitter more difficult to accomplish,” said Jeffrey Carr, CEO of cyber security firm Taia Global Inc.

Yet he added that hackers looking to break into corporate accounts will still be able to do so if they can take control of PCs or smartphones running applications authorized to use the service.

“Two-factor authentication isn’t perfect,” Carr said. “If you own the machine, it really doesn’t matter.”

Reuters

The Irish Times Logo
Commenting on The Irish Times has changed. To comment you must now be an Irish Times subscriber.
SUBSCRIBE
GO BACK
Error Image
The account details entered are not currently associated with an Irish Times subscription. Please subscribe to sign in to comment.
Comment Sign In

Forgot password?
The Irish Times Logo
Thank you
You should receive instructions for resetting your password. When you have reset your password, you can Sign In.
The Irish Times Logo
Please choose a screen name. This name will appear beside any comments you post. Your screen name should follow the standards set out in our community standards.
Screen Name Selection

Hello

Please choose a screen name. This name will appear beside any comments you post. Your screen name should follow the standards set out in our community standards.

The Irish Times Logo
Commenting on The Irish Times has changed. To comment you must now be an Irish Times subscriber.
SUBSCRIBE
Forgot Password
Please enter your email address so we can send you a link to reset your password.

Sign In

Your Comments
We reserve the right to remove any content at any time from this Community, including without limitation if it violates the Community Standards. We ask that you report content that you in good faith believe violates the above rules by clicking the Flag link next to the offending comment or by filling out this form. New comments are only accepted for 3 days from the date of publication.