Twitter finally offers 2-factor authentication
Posted on 23 May 2013.
Bookmark and Share
Following a slew of high-profile compromises of accounts belonging to media outlets such as AP and satirical news site The Onion, Twitter has finally implemented two-factor authentication to help prevent future ones. Unfortunately, the option is still not available to all users.

The security feature is easily turned on on the Account Settings page, and requires users to associate a mobile phone number with the account so that they could receive the verification code.

"With login verification enabled, your existing applications will continue to work without disruption. If you need to sign in to your Twitter account on other devices or apps, visit your applications page to generate a temporary password to log in and authorize that application," says Jim O'Leary of Twitter's product security team, and points out that the feature is "built on top of Twitter via SMS, so we need to be able to send a text to your phone before you can enroll in login verification (which may not work with some cell phone providers)."

Once the two-factor authentication feature has been enabled, the verification code is sent each and every time the user signs into Twitter via its website.

This first iteration of the feature does not offer persistent application passwords, and it also can't currently be used to secure more than one account.

Unfortunately for me, the feature doesn't work with my mobile operator, and I'm definitely not the only one, but let's hope that all these things will be fixed in the future.

As a side note: Kim Dotcom has chosen this moment to announce that Twitter, Google, Facebook and all other companies that have implemented two-step authentication are infringing his IP rights because of a patent he filed in 1997.


OpenBSD team forks OpenSSL to create safer SSL/TLS library

Posted on 22 April 2014.  |  Members of the OpenBSD project have begun working on a free version of the SSL/TLS protocol. They are not starting from scratch, but have forked OpenSSL to create a new, more secure option which they have dubbed LibreSSL.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Tue, Apr 22nd