App.net on Wednesday announced two new features for its service: two-factor authentication and application-specific passwords. Both measures should significantly beef up security on the social network, a welcome move following last month's slew of Twitter account hacks.
For those who don’t know, two-factor authentication protects your account by requiring you to enter more than just your password to log in. In App.net’s case, this is a constantly changing numerical code accessible only on your phone or tablet. This means that an attacker needs both your password and physical access to your device to break into your account.
Application-specific passwords take things a step further to keep your account safe. When a native app requests that you log in, you can generate a special one-time use password in order to avoid having to hand over your account’s main password.
Both these features, especially when used in conjunction, significantly decrease the chance someone can hijack your App.net account. As such, we recommend you enable both.
To turn on two-factor authentication, you’ll need to install a one-time password app (App.net recommends Google Authenticator, which is available for iOS, Android, and BlackBerry) on your phone and scan a QR code from your computer. Your one-time password app will generate a six-digit code, which you then have to enter into App.net whenever prompted.
After completing these steps, every time you log in to your App.net account, you will enter the authentication code from your phone or tablet. During the process, you will be given a set of back-up codes in case you lose your phone or tablet. It is important to print those codes out and keep them in a safe place.
To enable application-specific passwords (as well as two-factor authentication), go to the Security section of your App.net account settings. Remember that this password cannot be used to authenticate other apps, nor can it be used to gain additional permissions beyond the permissions initially granted.
App.net’s announcement makes today a sad one for Twitter, as its very young competitor has implemented two-factor authentication before the much older social network. Twitter has been asked for years to implement the feature to help thwart attacks, which are only becoming more and more frequent as the service grows.
App.net has beaten it to the punch, and gone even further by offering app-specific passwords. Dear Twitter, are you paying attention?