Following the high-profile compromise of the Associated Press Twitter account, the microblogging service is said to be mulling some major security changes.
According to a Wired report citing company sources, Twitter is now working to introduce a two-factor authentication option which can help to prevent account theft from phishing attacks. After hearing how the AP incident occurred, such protections are more than welcome.
In the aftermath of the breach, which resulted in fraudulent claims that the White House had been bombed and President Obama had been injured, staffers reported receiving some suspicious emails which were later found to be connected to a phishing attack.
It seems that the Syrian Electronic Army used a series of targeted phishing emails to harvest the credentials of AP staffers and eventually gain access to the company's main Twitter account. The stolen password was then used to access the account and launch a hoax that managed to temporarily disrupt the stock market.
If the reported series of events is true, then the AP hack could have been easily thwarted, and if reports on new developments are to be believed, it soon will be.
Wired has posted a report which claims that Twitter will soon be launching a two-factor authentication platform. The site uncovered a job report from earlier this year suggesting that additional protections would soon be arriving.
Why is that so important? Two-factor authentication ties the account credentials and log-in to the actual holder. The platform requires not only a username and password, but also a numerical code which is randomly generated and then sent to a user's mobile phone for one-time use.
It's not hard to see how this can help to protect users. Even when a username and password are harvested, the attacker would have to steal the mobile device of a user in order to access an account. This can dramatically reduce the number of attacks, especially high-profile breaches, which result from phishing.
Of course, in order to be effective, these efforts have to be put in place. Corporate accounts will have to identify a single manager who can receive and provide the one-time credentials for protected accounts, and that may prove to be another headache for corporate marketing and public relations teams who share an 'official' Twitter feed.