Twitter launches feature to 'make sure it's really you'
2-factor authentication introduced after hack attacks on media organizations
Following hack attacks on the Twitter accounts of The Associated Press, the Financial Times and other media organizations by the Syrian Electronic Army, Twitter has rolled out a new feature to help prevent unauthorized logins to a user's accounts.
Twitter announced on its blog Wednesday afternoon that in addition to a password, it is adding a "second check to make sure it's really you" — a verification method called two-factor authentication.
Users who enable the feature will be asked to provide and verify their mobile phone number and email address.
Those who sign up for two-factor authentication will receive a six-digit code via text message each time they sign in to Twitter and will need to enter it in addition to their password.
The rollout of the verification step, similar to those already available on sites such as Google and Facebook, comes after a series of recent attacks on media organizations by the Syrian Electronic Army, a group of hackers supportive of the regime of Syrian President Bashar al-Assad. In many cases, the group has hijacked Twitter accounts belonging to media organizations and sent out fake news tweets.
In late April, the group caused a $140-billion drop in one U.S. stock benchmark, the Dow Jones Industrial Average, when it tweeted from the account of The Associated Press that U.S. President Barack Obama had been injured in explosions at the White House.
In just the past week, it has hijacked the accounts of the popular U.K.-based media outlets the Financial Times and the Telegraph. Its previous targets have included the BBC and NPR.
Feature not media-friendly
But Twitter's new security feature is, "sadly," unlikely going to help such media organizations prevent similar attacks, suggested Graham Cluley, senior technology consultant at the internet security firm Sophos, on the company's Naked Security blog Thursday.
Cluley said that typically, media organizations have many staff, sometimes around the globe, who share the same Twitter accounts.
"They can't all access the same phone at the same time," he noted.
That means those people will either have to stay permanently logged in to Twitter or the six-digit code will have to be shared among many people by a central person in charge of the phone.
"For that reason, many media organizations may choose not to enable Twitter's additional security at this time," Cluley wrote. However, he said the new feature will likely be welcomed by individuals with personal accounts and small businesses.