Yes.. let's all give Twitter Inc a huge dBase of active phone numbers to 'look after'.. that's.. a smashing idea.
Twitter locks down logins by adding two-factor authentication
Twitter has joined the growing number of companies offering two-factor authentication to prevent logins being stolen – a fate several high-profile users of its service have suffered recently. A new checkbox is being added to the Settings pages of Twitter accounts to enable the new feature. When checked, an SMS message …
-
Thursday 23rd May 2013 00:46 GMT Anonymous Coward
I don't care about Twitter
so in that instance I won't bother, but I take my Gmail account seriously and have switched to two-factor identification there. It is surprisingly convenient, because you have the option of drastically reducing the number of challenges sent when using your usual PC (monthly, I think). Google also supplies an app that generates a unique code every few seconds, so you can choose to use that instead of SMS if you prefer.
-
Thursday 23rd May 2013 00:52 GMT Anonymous Coward
RFC 6238
Other companies that have already introduced multi-factor authentication in the past few years include Google, Facebook, Yahoo, Amazon Web Services, Dropbox, Blizzard's Battle.Net, and Valve's Steam.
Microsoft last week also began rolling out two-factor authentication that operates similarly to Google's system, and issues one time codes by text message or, in instances where the user is not connected to a network, a code is generated by a smartphone app called Microsoft Authenticator.
The app supports a standard protocol — thought to be RFC 6238, according to Ars Technica — and means that Google's 'Google Authenticator' can also be used to generate that code for Microsoft's two-factor system. Dropbox's two-factor authentication also supports the standard.
From this article.
-
Thursday 23rd May 2013 10:34 GMT jay_bea
Re: RFC 6238
From an Ars article and comments, it appears that Twitter's implementation is flawed and limited and does not support RFC 6238. You have to be sent a code every time you log in, and you cannot approve particular devices or browsers. In addition, "The relationship between phones and accounts is also strictly one-to-one: if you have a shared business account, you're going to need to share a phone number too. If you have multiple accounts and only one phone number, then you can only secure a single account."
See http://arstechnica.com/security/2013/05/twitter-launches-two-factor-authentication-too-late-to-save-the-onion/
-
Thursday 23rd May 2013 12:25 GMT Graham 32
Great for individuals. What about companies?
Can you have multiple user IDs access a single Twitter account yet? Or are they still peddling the idea that companies run their Twitter account from one PC, with one user not sharing the password with anyone? I'm sure that works cos employees never quit or go rogue *cough* HMV *cough*.
Ref: http://www.bbc.co.uk/news/technology-22351987