Date: 2013-05-22
By Jim Finkle
May 22 - Twitter Inc unveiled technology to boost
security for its users, following a spate of attacks on accounts
of prominent media outlets including the Associated Press, the
Financial Times and The Onion.
The microblogging site, which transmits some 400 million
messages a day, said on Wednesday that it had begun rolling out
an optional "login verification" service to thwart hackers
seeking to hijack accounts with stolen passwords.
Security experts welcomed the move as a positive step toward
securing a service that is widely used by consumers, political
activists, advertisers and news outlets around the globe to
quickly exchange information.
Twitter had come under fire over the past year for failing
to offer such an option, which is known as two-factor
authentication, amid a surge in breaches of high-profile
accounts. That criticism intensified in April after a fake tweet
about a non-existent White House explosion sent from the
Associated Press account briefly roiled U.S. financial markets.
"It's been a long time coming," said Jeremiah Grossman,
chief technology officer of White Hat Security. "It's not going
to solve all problems, but it's a step in the right direction."
When users log in to Twitter via a web browser, they must
confirm their identity by entering a six-digit code that Twitter
delivers to their smartphones. To access the service through
applications for PCs and smartphones, users must use an
automatically generated temporary password for each of the
programs.
Twitter described the offering in a blog post, reminding
users that they still need to use strong passwords to keep
accounts secure.
The approach is similar to security tools previously
introduced by other Internet services from companies including
Facebook Inc, Google Inc and Microsoft Corp.
"This would have made the AP hack and other hacks against
Twitter more difficult to accomplish," said Jeffrey Carr, CEO of
cyber security firm Taia Global Inc.
Yet he added that hackers looking to break into corporate
accounts will still be able to do so if they can take control of
PCs or smartphones running applications authorized to use the
service.
"Two-factor authentication isn't perfect," Carr said. "If
you own the machine, it really doesn't matter."