Kashif Ali

Surfeit and Blasé Security

Posted on August 6, 2013 by arstechnica.com

Twitter rolls out two-factor authentication that’s simpler, more secure

Twitter has unveiled a new login verification feature that largely replaces the two-factor authentication system it rolled out in May to prevent a rash of password phishing attacks hitting its users.

The new system relies on strong encryption to provide iOS and Android smartphone users with an end-to-end solution that's not vulnerable to compromised SMS delivery channels. Unlike the current system, it also does away with the use of a "shared secret" between end users and Twitter, since the secrets are often just as vulnerable as passwords to phishing and other types of attacks. The cryptographic key used to approve login requests stays on a user's phone and is managed by the Twitter app itself. In addition to being more resistant to attack, the system is easier to use, company officials said.

"Now you can enroll in login verification and approve login requests right from the Twitter app on iOS and Android," Twitter security engineer Alex Smolen wrote in a blog post published Tuesday. "Simply tap a button on your phone and you're good to go. This means you don't have to wait for a text message and then type in the code each time you sign in on twitter.com."
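The design described above, where the approval key never leaves the phone and the server holds no shared secret, can be sketched as a signed challenge-response. This is an added example, not Twitter's code: the use of Ed25519, the function names and the 60-second expiry are all assumptions made for illustration.

```javascript
// Added illustration, not Twitter's implementation. Ed25519, the names and
// the 60 s expiry are assumptions; the excerpt does not specify them.
const crypto = require('node:crypto');

// Enrollment: the phone generates a key pair; only the public key is uploaded.
function enrollDevice() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  return {
    phone: { privateKey },                           // never leaves the device
    serverRecord: { publicKey, pending: new Map() }  // everything the server stores
  };
}

// Server: create a random, single-use challenge for one login attempt.
function startLogin(serverRecord, now = Date.now()) {
  const id = crypto.randomBytes(16).toString('hex');
  const nonce = crypto.randomBytes(32);
  serverRecord.pending.set(id, { nonce, expires: now + 60000 });
  return { id, nonce };
}

// Phone: the user taps "approve" and the app signs the request id and nonce.
function approve(phone, request) {
  const msg = Buffer.concat([Buffer.from(request.id, 'hex'), request.nonce]);
  return { id: request.id, signature: crypto.sign(null, msg, phone.privateKey) };
}

// Server: check the signature against the stored public key and consume the
// challenge so a captured approval cannot be replayed.
function finishLogin(serverRecord, approval, now = Date.now()) {
  const entry = serverRecord.pending.get(approval.id);
  if (!entry) return false;                   // unknown or already used
  serverRecord.pending.delete(approval.id);   // single use
  if (now > entry.expires) return false;      // stale request
  const msg = Buffer.concat([Buffer.from(approval.id, 'hex'), entry.nonce]);
  return crypto.verify(null, msg, serverRecord.publicKey, approval.signature);
}
```

Because `serverRecord` contains only a public key, a copy of it does not let anyone produce a valid approval, which is the property a shared-secret code scheme lacks.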
