Twitter strengthens login security after hacker attack

Days after a hacking attack, it has emerged that Twitter plans to strengthen its login security with two-factor authentication

Days after Twitter reset 250,000 account passwords after a hacker attack, it has emerged that the microblogging service plans to strengthen its login security with two-factor authentication.

The move is aimed at making it impossible for hackers to break into accounts, even if they obtain user passwords.

Last week Twitter reset the passwords of 0.13% of its users as a precaution because of uncertainty about whether or not hackers had accessed the encrypted passwords of account holders.

Google already offers a similar two-factor authentication system for its Gmail service that requires a code sent to an account holder’s mobile phone as well as a password to grant access.

Last August, Dropbox announced it was to implement two-factor authentication and create a webpage so users can track logins. Dropbox made the changes after attackers used stolen passwords to access user accounts.

Read more about two-factor authentication

The new Twitter system will be activated if any attempt is made to access their account from a device or location they have not used before. It will require a one-time access code to open the login page.

The move to a two-factor authentication system was signalled by a Twitter job offer for a software engineer, according to the Guardian.

Twitter said the successful candidate will have the opportunity to design and develop user-facing security features, such as multifactor authentication and fraudulent login detection.

The addition of another layer of security around logins is the latest in a series of moves from Twitter to protect its users from unauthorised access to accounts.

Last August, Twitter added secure sockets layer (SSL) connectivity to its website and third-party apps to ensure users' credentials could not be captured from open Wi-Fi networks.

Read more on Identity and access management products