Twitter said to be testing two-step security in wake of AP hack
Twitter is reportedly testing a two-step password system to improve its increasingly wobbly security.
Twitter is testing a two-step password system to improve its increasingly wobbly security, it has emerged, as the social network struggles with the fallout of the Associated Press's account being hacked.
The company is internally testing a new verification solution, Wired reports, in a leak likely intended to deflect criticism after hackers posted from @AP that the White House had been bombed.
The tweet sent the US stock market tumbling, only to recover immediately when it was found to be a hoax. AP's account was suspended within minutes. The news agency later claimed it was the victim of "phishing attempts on its corporate network" -- a complicated way of saying someone fell for a scam email.
The Syrian Electronic Army, a branch of the Syrian armed forces, claimed responsibility for the attack, which follows similar hacks on social media accounts of mainstream Western media organisations such as the BBC. It sees these outlets as supportive of the Syrian rebels.
Twitter's two-step system will probably be much like that offered by Facebook and other companies, where using your account from a new device will require not just your password but a unique code that's sent via text message to your phone.
That will make accounts that are run by multiple users -- such as our @cnetuk feed -- more complicated to manage, but I'd have thought few organisations will be unwilling to sacrifice some convenience for much greater security.
Twitter was on the end of a ferocious shellacking from many commenters last night, including my colleague at CNET News Molly Wood, who wrote, "If badly aimed tweets can lead to massive stock market drops, ruined lives, or other pain and suffering, financial or otherwise, don't be surprised if some lawmaker starts to take a harder look [at regulating the service]."
Would you be more trusting of stuff you read on Twitter if two-step verification was in place? Or is it just an unnecessary hassle? Do governments need to do something? Let me know down in the comments, on our Facebook page, or tweet @cnetuk.