Twitter reportedly is getting ready to roll out two-factor authentication in the coming weeks -- a development that comes not a moment too soon as the company's current security efforts fall short.
Take Tuesday, when the state of Twitter's account security was on full display as hackers took over the Associated Press Twitter account and falsely reported two explosions at the White House. The AP attack came just a few days after Twitter accounts controlled by CBS News -- including ones for 60 Minutes, 48 Hours, and a network affiliate station in Denver -- were taken over.
The malicious attacks would have been harder, if not impossible, to pull off had these Twitter accounts been protected with two-factor authentication. Wired reports that the feature will roll out to Twitter accounts gradually in the coming weeks.
Two-factor authentication requires you to enter two login tokens before you can access an online account. The first token is your standard password (something you know), while the second is a login code randomly generated by a smartphone app or sent via SMS or email (something you have).
Two-factor authentication is becoming a common security feature for many online services you already use, including Dropbox, Facebook, Google, and Microsoft. It may be a little inconvenient to deal with two-factor authentication, but anyone who's lost control of their Facebook or email account can tell you the extra security gain is worth the minor hassle.
Here's a quick look at how two-factor authentication currently works for the major online services you use every day.
The best account to start with if you're new to two-factor authentication is Google, because you can use the Google Authenticator smartphone app to generate random access codes for many other services.
To set it up, visit Google's two-step verification landing page and click the Get Started button on the top right-hand side of the window. Google will then guide you through the process for enabling two-factor authentication, which includes downloading and installing Google Authenticator for smartphone users.
The Google Authenticator app is available for Android, iOS, and BlackBerry 4.5-6.0 devices. If you don't have a smartphone you can still use Google's two-factor authentication by receiving access codes via SMS.