Locking down Twitter, 2 Step Authentication

Just a month after Associated Press had their Twitter account hacked, Twitter security team Jim O’Leary announces the release of 2 Step Authentication.  This form of two factor authentication can perform an additional security check when you login to your account.  The system will ask you to enter in a phone number and verify it as well as an e-mail address.

Setup Twitter 2 Step Authentication

1. Visit your account settings page.
2. Select “Require a verification code when I sign in.”
3. Click on the link to “add a phone” and follow the prompts.
4. After you enroll in login verification, you’ll be asked to enter a six-digit code that we send to your phone via SMS each time you sign in to twitter.com.

All existing applications should continue to work without any type of disruption.  In the blog post Jim O’Leary states:

This release is built on top of Twitter via SMS, so we need to be able to send a text to your phone before you can enroll in login verification (which may not work with some cell phone providers). However, much of the server-side engineering work required to ship this feature has cleared the way for us to deliver more account security enhancements in the future. Stay tuned.

They also recommend that even with this additional layer of security, that you should still follow best practices by following their instructions on keeping your account secure. Google, Facebook, eBay, PayPal, Amazon, Microsoft, and Dropbox have already implemented two factor authentication.