Today, Twitter finally started rolling out dual-factor authentication for its users. Twitter will allow users to use text messaging to a mobile phone to confirm their identity upon log-in.
Make your Twitter account more secure with login verification, in 4 easy steps: blog.twitter.com/2013/getting-s…
— Twitter (@twitter) May 22, 2013
In a post and accompanying video on the company blog, Twitter product security team member Jim O’Leary (@jimeo) explained how Twitter’s version of 2-factor authentication will work:
…when you sign in to twitter.com, there’s a second check to make sure it’s really you. After you enroll in login verification, you’ll be asked to enter a six-digit code that we send to your phone via SMS each time you sign in to twitter.com.
To get started, visit your account settings page, and select the option “Require a verification code when I sign in”. You’ll need a confirmed email address and a verified phone number. After a quick test to confirm that your phone can receive messages from Twitter, you’re ready to go.
Twitter has lagged behind Google, Microsoft, Facebook and institutions that allow online banking in providing this additional layer of protection. It’s showed: Twitter has been plagued by phishing scams for years.
Recently, however, high profile hacks of Twitter accounts at the Associated Press, the Financial Times and The Onion have put more focus on adding this feature. As Twitter adds more e-commerce deals and becomes more integrated into politics and business, improving security will only become more important.
Today’s announcement is a much-needed improvement. Here’s hoping it gets rolled out quickly to the hundreds of millions of users who can’t get someone at Twitter on the phone after they clicked on the wrong link.
Hat tip: The Verge