
Twitter hacks and the case for two-factor authentication



Many years ago, in the days before PlayStationgate, I was guilty of the cardinal sin of password repetition. And by sticking to two or three memorable letter and number combinations, I left my data vulnerable. Before the PlayStation hack two years ago, password security was given much less consideration. Many users have worked to improve their passwords’ entropy since the scandal, but in some cases even a lengthy password with capitals and numbers is not enough to prevent a security breach. The Associated Press’ (AP) Twitter account was the subject of a high-profile hack last month, in which tweets sent from the AP account falsely reported two explosions at the White House and that President Obama had been injured. Twitter has been forced to draw the same conclusion and is reportedly looking to introduce an additional layer of security to its login procedure.

According to various media outlets in the wake of the AP account hijack, Twitter is considering introducing two-factor authentication in an attempt to better secure the accounts of its users. The two-factor process would add a security step on top of the existing password login: users would have to submit an extra code when logging on, which could be communicated to them via a separate device such as a tablet or smartphone. Hackers would then need not only to have guessed the password itself, but also to have accessed the device to which the second security code is delivered, decreasing the likelihood of a successful breach.

The introduction of a layered security process has been met with a mixed reception, given the nature of the Twitter experience. Organisations using one shared Twitter account, including the Associated Press, have commented that this dual step would result in only one user being authorised to operate the account, posing a ‘roadblock to productivity.’ However, while this is worth considering, Facebook has had a two-factor authentication process (and other security measures) in place for a fair amount of time, and organisations using the site for marketing purposes do not seem to be encountering any such problems.

A two-factor authentication process does not decrease productivity in the managed services domain either; instead it enhances it, given the increased uptime users experience as a result of the improved security. Many managed service providers offer two-factor authentication with their solutions and, as demonstrated by the Twitter hack last week, it can be very useful in terms of data security. Personally, I’ve learnt my lesson since the PlayStation scandal, changing my passwords to more secure combinations and adopting two-factor authentication for all of my password-protected sites and applications. And as cybercrime costs the UK £27bn a year, additional security measures, which could include two-factor authentication, are something all businesses should consider, too.


