The recent hack of The Associated Press' Twitter account showed the true power and impact the social media platform can have. After hackers took over the news organization's account and reported that President Barack Obama was seriously injured, the S&P 500 briefly took a significant dip. To combat Internet security issues like this that have the potential to generate global shockwaves, Twitter has introduced a two-step authentication system that will be voluntary for users of the website.
"Today we're introducing a new security feature to better protect your Twitter account: login verification," said Jim O'Leary, a member of the social site's product security team, in a blog post. "This is a form of two-factor authentication. When you sign in to twitter.com, there's a second check to make sure it's really you. You'll be asked to register a verified phone number and a confirmed email address."
The feature will be gradually rolled out, according to Twitter, and will look to stop the email phishing schemes which have affected multiple brand-name businesses across the social media giant's website. It is also meant to protect accounts against breaches of password data from across the web, which InformationWeek said let attackers access an account when its password has been reused elsewhere.
Data security professionals believe that this development has been a long time coming for the microblogging site. Mark Risher, CEO of Impermium, told the news source that this "significantly raises the bar" of security for many of the attacks the website has been experiencing. However, since this is an optional feature, he said Twitter must inform users that it will only be useful if it is configured in advance. To do this, users of the website can go to the account settings page, check "Require a verification code when I sign in," and receive a six-digit number via SMS message on every attempted login.
The attacks, which are being claimed by the Syrian Electronic Army (SEA) and whose targets have also included The Onion and Reuters, among others, have forced Twitter's hand in evolving security for its users. With this large string of attacks, something had to be done to make sure people are safer online than they have been in past days, but some security professionals are already critiquing the way it is being done, according to InformationWeek. Sean Sullivan, an adviser at F-Secure Labs, said on Twitter that he believes that the company should be using authenticator apps instead of SMS messaging. Risher also questions if Twitter will be monitoring for unusual login patterns.
"We hope that Twitter has incorporated proactive monitoring in addition to this authentication feature," said Risher. "Locking the front door is important, but without intelligent systems determining when, how and whether to allow access – even for people with the 'key' – account hijacking vulnerabilities will persist."
Back on Twitter's blog, O'Leary said this is only the first step toward improving security, as they will need users to enroll in the SMS program to have login verification. The engineering work will allow them to deliver better security enhancements in the future, he wrote. However, there may still be impending threats, as one member of the SEA told Vice Magazine that there are still security holes they know of in Twitter's model that could make the company and its users uncomfortable, adding "we are not going to give up."
Even with vague threats, everyone is happy to see Twitter taking steps to protect the security of its users. Barmak Meftah, chief executive officer of security company AlienVault, told Bloomberg that it is necessary to have this in place, as social media websites are big targets for hackers. Any effort to make sure these websites are safe is a big one, he said, and he believes it is great that Twitter is trying what it can to ensure the data security of users.
Security News from SimplySecurity.com by Trend Micro.