Twitter reveals massive security overhaul

[Jazzy]

Following a number of high-profile hacks Twitter has boosted account security on the site by introducing two-step logins.

Twitter is calling the feature 'login verification' and when users log into Twitter they will now be sent six-digit code via text each time, to check they are who they say they are.

This code will need to be entered onto the login screen in order for users to get access to their accounts.

The feature is optional and is not currently turned on by default.

In a blog post, Jim O'Leary from Twitter's product security team said:
'Every day, a growing number of people log in to Twitter.

Usually these login attempts come from the genuine account owners, but we occasionally hear from people whose accounts have been compromised by email phishing schemes or a breach of password data elsewhere on the web.

'We’re introducing a new security feature to better protect your Twitter account: login verification.'

Users can enable login verification on Twitter by going to their account settings page and selecting 'Require a verification code when I sign in'.

After clicking 'add a phone', the user will get a verification code sent to the mobile number which is connected to their account.

This code must then be entered to verify that device to their account.

Each time a user with login verification enabled then signs in at Twitter.com, they will be sent another unique six-digit code that they must enter to get access to their account.

People who share access, such as business accounts, will need to have the code sent to a shared phone or nominate a person to receive the text.

Hackers have previously targeted the accounts of satire-news site The Onion, The Telegraph, Hollywood actor Ashton Kutcher, BBC Weather, Top Gear presenter Jeremy Clarkson and more.

Full article with instruction video

I guess if you don't have a mobile phone you're shite out of luck. If your phone is either lost or stolen, then the person who finds it can now access your account. This doesn't sound very secure to me.

What do you think?

 

[The Dragon Master]

It's not the most secure but it's more secure than what it was. It's nice to know that this has only really been made because some celebrity's twitter account was hacked, not some poor person who could have been hacked because of some stalker or bully or whatever.

 

[Evil Eye]

Hmm, certain government sites use the exact same thing*. Guess it works.

* I tried to make them pay for a phone, they told me it's also possible to physically mail everything in.

If your phone is either lost or stolen, then the person who finds it can now access your account.

Provided they have your Twitter password and can use your phone (which should have a PIN or something protecting it as well).