homepage Welcome to WebmasterWorld Guest from 54.211.157.103
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / Social Media / Twitter
Forum Library, Charter, Moderators: not2easy & rumbas

Twitter Forum

    
Twitter Introduces Two-Factor Authentication To Help Thwart Phishing
engine




msg:4577011
 2:00 pm on May 23, 2013 (gmt 0)

If you're like me, logging off and on, it's going to become a pain, but, I imagine more painful if the account is hijacked.

According to Twitter, there are more security enhancements to follow.

This is a form of two-factor authentication. When you sign in to twitter.com, thereís a second check to make sure itís really you. Youíll be asked to register a verified phone number and a confirmed email address. Twitter Introduces Two-Factor Authentication To Help Thwart Phishing [blog.twitter.com]
With login verification enabled, your existing applications will continue to work without disruption. If you need to sign in to your Twitter account on other devices or apps, visit your applications page to generate a temporary password to log in and authorize that application.
This release is built on top of Twitter via SMS, so we need to be able to send a text to your phone before you can enroll in login verification (which may not work with some cell phone providers).

 

bill




msg:4577224
 10:32 pm on May 23, 2013 (gmt 0)

I maintain a lot of Twitter accounts...some of which need to be accessed by multiple people. Although I'm a huge fan of multi-factor authentication I'm not sure I'm too happy with this setup. The busiest accounts are maintained/monitored by several people, and those are the accounts that can't take advantage of this scheme.

It would have been preferable if they could have used a software key generator, like Google Authenticator, to implement this.

lucy24




msg:4577243
 1:19 am on May 24, 2013 (gmt 0)

Temporary password?! Isn't the whole point of multi-factor authentication that if you do need to jump through extra hoops, they're hoops that you have already designed yourself? These days probably something more specialized than the once-popular "mother's maiden name" ... which may well be your own current name.

This release is built on top of Twitter via SMS, so we need to be able to send a text to your phone before you can enroll in login verification (which may not work with some cell phone providers).

And, er, not to belabor the obvious, but it will definitely not work on any non-cellular telephones.

bill




msg:4577244
 1:37 am on May 24, 2013 (gmt 0)

Perhaps you're not clear on multi-factor authentication? It's not a question of adding your own security questions. In addition to a password you have a token of some sort that you always have with you, like a USB key, a security dongle, or in this case your mobile phone.

They screwed this up for me because Twitter has never supported my phone's SMS system in Japan, so I'm unable to use this even if I wanted to. That's why it would have been better for me if they had used a software key generator.

ken_b




msg:4577253
 2:50 am on May 24, 2013 (gmt 0)

I read the post in the link above.

I can't really tell if this is optional or mandatory.

Anyone know which it is?

lucy24




msg:4577266
 4:23 am on May 24, 2013 (gmt 0)

In my neck of the woods, "multi-factor" technically means it goes both ways. You do stuff to convince them that you're you-- but they also have to do something to convince you that they're really your bank and not some passing hacker.

If it's hardware-dependent, then it's beyond authentication and into the bland assumption that every individual human has their own dedicated internet-access device, shared with nobody else. Which, come to think of it, is the advertisers' target audience anyway.

bill




msg:4577289
 7:28 am on May 24, 2013 (gmt 0)

I can't really tell if this is optional or mandatory.

It's an option you have to turn on in your settings.
It had better be optional because they don't support my mobile carrier. ;-p


In my neck of the woods, "multi-factor" technically means it goes both ways

What you're describing sounds like "mutual" authentication.

According to Wikipedia, "Multi-factor authentication (also Two-factor authentication, TFA, T-FA or 2FA) is an approach to authentication which requires the presentation of two or more of the three authentication factors: a knowledge factor ("something the user knows"), a possession factor ("something the user has"), and an inherence factor ("something the user is")."

System
redhat



msg:4581314
 8:01 am on Jun 5, 2013 (gmt 0)

The following 3 messages were cut out to new thread by engine. New thread at: twitter/4581312.htm [webmasterworld.com]
3:18 pm on Jun 5, 2013 (utc +1)

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Social Media / Twitter
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved