This article was published on May 22, 2013

Twitter unveils login verification, a form of two-factor authentication to better protect accounts via SMS


Twitter unveils login verification, a form of two-factor authentication to better protect accounts via SMS

Twitter unveiled today a new security measure it hopes will better protect user accounts from hacking and unauthorized entries. Called login verification, once enabled, users will be prompted to verify their phone number and email address to confirm their identity.

In light of the recent phishing scams, hacks, and takeovers by either Anonymous or the Syrian Electronic Army, Twitter has started to take measures to ensure user data and privacy is ensured. While acknowledging that most login attempts come from “genuine account owners”, there are those that Twitter hears from that have been compromised from password leaks.

account-security-cropped

This feature is beginning to roll out today so if you don’t see it right away, be patient. I checked my Twitter account settings at the time of publishing this story and I didn’t see this feature. For those users that have it enabled, users can go to their Account Settings page and check the box next to “Require a verification code when I sign in.”

Just like with Google’s authentication protocol, when a user logs in, they will be prompted to enter in a six digit code that will be sent to their phone via SMS.

Twitter cautions users to not think of this as a guarantee that accounts will never again be hacked. Rather, it says that a strong password is also needed to help keep accounts secure.

From a technical standpoint, the company says:

This release is built on top of Twitter via SMS, so we need to be able to send a text to your phone before you can enroll in login verification (which may not work with some cell phone providers). However, much of the server-side engineering work required to ship this feature has cleared the way for us to deliver more account security enhancements in the future.

Last April, Twitter was reportedly beginning to test two-factor authentication on its platform. At the time, a company spokesperson said it didn’t have anything to announce. With the release of login verification, Twitter joins companies like Evernote and Cloudflare who have implemented the security measure in their service.

Photo credit: NICHOLAS KAMM/AFP/Getty Images

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with