Every week there’s a new story about a major Twitter account getting hacked. Our emotions don’t even register surprise or fear anymore when we hear about major corporations getting compromised by phishing scams launched by foreign terrorists. Twitter decided that it was time to take action and launched a two-step verification system yesterday.
To set up the authentication, go into your settings, register your phone number (be sure to read all the checked boxes or Twitter will send you a text every time you get a new follower, mention or retweet) and then opt in to two-step verification. Now whenever you sign into Twitter from a new device, Twitter will text you a code to enter before you can access your account.
The social network gave these instructions and described the reasons behind them in a rather blasé article on their blog:
We occasionally hear from people whose accounts have been compromised by email phishing schemes or a breach of password data elsewhere on the web.
They’re trying to downplay the fact that more than 250,000 accounts have been hacked in 2013 alone and some have directly affected the stock market. That’s understandable, but given the recent hacks of the Associated Press and Financial Times, this new barrier is hardly timely or relevant.
In the past month, most of the hacks that made news came from the Syrian Electronic Army launching email phishing scams. No amount of cell phone verification will save an account when the computer is infected by malware because employees accidentally opened emails and clicked bad links. Twitter took the opportunity to specify this in a security memo sent out to media a few weeks back:
Talk with your security team about ensuring that your corporate email system is as safe as possible…strong security practices will reduce your vulnerability to phishing.
If the fault lies with computers failing to block spam and with human error in opening bad emails, why did Twitter set up the two-step verification?
They’re trying to comfort the average user while building back their reputation. I highly doubt that the Syrian Electronic Army will go after my 355 followers, but I sleep better knowing that the novice hacker operating out of his mom’s basement will get stumped by the needed verification… at least for now. It’s only a matter of time before someone overcomes it and Twitter is in the spotlight again for lax security.
This two-step verification process would have been relevant back in February, when average user accounts were being compromised left and right. Now, it just looks like a PR move to keep the Internet from labeling Twitter as the social network of choice for hackers and terrorists. It’s like asking a driver to wear his seat belt as he careens off of a cliff. It’s a nice sentiment, but ultimately ineffective.
Do you think the two-step verification process will help cut back on the affected accounts? Are you going to change your settings just in case?