homepage Welcome to WebmasterWorld Guest from 184.73.104.82
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Social Media / Twitter
Forum Library, Charter, Moderators: not2easy & rumbas

Twitter Forum

    
Twitter Introduces Two-Factor Authentication To Help Thwart Phishing
engine

WebmasterWorld Administrator engine us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month



 
Msg#: 4577009 posted 2:00 pm on May 23, 2013 (gmt 0)

If you're like me, logging off and on, it's going to become a pain, but, I imagine more painful if the account is hijacked.

According to Twitter, there are more security enhancements to follow.

This is a form of two-factor authentication. When you sign in to twitter.com, thereís a second check to make sure itís really you. Youíll be asked to register a verified phone number and a confirmed email address. Twitter Introduces Two-Factor Authentication To Help Thwart Phishing [blog.twitter.com]
With login verification enabled, your existing applications will continue to work without disruption. If you need to sign in to your Twitter account on other devices or apps, visit your applications page to generate a temporary password to log in and authorize that application.
This release is built on top of Twitter via SMS, so we need to be able to send a text to your phone before you can enroll in login verification (which may not work with some cell phone providers).

 

bill

WebmasterWorld Administrator bill us a WebmasterWorld Top Contributor of All Time 10+ Year Member Best Post Of The Month



 
Msg#: 4577009 posted 10:32 pm on May 23, 2013 (gmt 0)

I maintain a lot of Twitter accounts...some of which need to be accessed by multiple people. Although I'm a huge fan of multi-factor authentication I'm not sure I'm too happy with this setup. The busiest accounts are maintained/monitored by several people, and those are the accounts that can't take advantage of this scheme.

It would have been preferable if they could have used a software key generator, like Google Authenticator, to implement this.

lucy24

WebmasterWorld Senior Member lucy24 us a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month



 
Msg#: 4577009 posted 1:19 am on May 24, 2013 (gmt 0)

Temporary password?! Isn't the whole point of multi-factor authentication that if you do need to jump through extra hoops, they're hoops that you have already designed yourself? These days probably something more specialized than the once-popular "mother's maiden name" ... which may well be your own current name.

This release is built on top of Twitter via SMS, so we need to be able to send a text to your phone before you can enroll in login verification (which may not work with some cell phone providers).

And, er, not to belabor the obvious, but it will definitely not work on any non-cellular telephones.

bill

WebmasterWorld Administrator bill us a WebmasterWorld Top Contributor of All Time 10+ Year Member Best Post Of The Month



 
Msg#: 4577009 posted 1:37 am on May 24, 2013 (gmt 0)

Perhaps you're not clear on multi-factor authentication? It's not a question of adding your own security questions. In addition to a password you have a token of some sort that you always have with you, like a USB key, a security dongle, or in this case your mobile phone.

They screwed this up for me because Twitter has never supported my phone's SMS system in Japan, so I'm unable to use this even if I wanted to. That's why it would have been better for me if they had used a software key generator.

ken_b

WebmasterWorld Senior Member ken_b us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4577009 posted 2:50 am on May 24, 2013 (gmt 0)

I read the post in the link above.

I can't really tell if this is optional or mandatory.

Anyone know which it is?

lucy24

WebmasterWorld Senior Member lucy24 us a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month



 
Msg#: 4577009 posted 4:23 am on May 24, 2013 (gmt 0)

In my neck of the woods, "multi-factor" technically means it goes both ways. You do stuff to convince them that you're you-- but they also have to do something to convince you that they're really your bank and not some passing hacker.

If it's hardware-dependent, then it's beyond authentication and into the bland assumption that every individual human has their own dedicated internet-access device, shared with nobody else. Which, come to think of it, is the advertisers' target audience anyway.

bill

WebmasterWorld Administrator bill us a WebmasterWorld Top Contributor of All Time 10+ Year Member Best Post Of The Month



 
Msg#: 4577009 posted 7:28 am on May 24, 2013 (gmt 0)

I can't really tell if this is optional or mandatory.

It's an option you have to turn on in your settings.
It had better be optional because they don't support my mobile carrier. ;-p


In my neck of the woods, "multi-factor" technically means it goes both ways

What you're describing sounds like "mutual" authentication.

According to Wikipedia, "Multi-factor authentication (also Two-factor authentication, TFA, T-FA or 2FA) is an approach to authentication which requires the presentation of two or more of the three authentication factors: a knowledge factor ("something the user knows"), a possession factor ("something the user has"), and an inherence factor ("something the user is")."

System
redhat


 
Msg#: 4577009 posted 8:01 am on Jun 5, 2013 (gmt 0)

The following 3 messages were cut out to new thread by engine. New thread at: twitter/4581312.htm [webmasterworld.com]
3:18 pm on Jun 5, 2013 (utc +1)

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Social Media / Twitter
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved