Twitter mulls implementing two-factor authentication

After a sophisticated attack hit Twitter's users on the weekend, the micro-blogging platform is looking to hire a software engineer to help implement two-factor authentication.
Written by Michael Lee, Contributor

Twitter may have two-factor authentication in the works for its micro-blogging platform to increase its security.

According to a job advertisement, as first spotted by the Guardian, Twitter is looking for a software engineer to fit in to its product security division.

One of the responsibilities for the new engineer will be to "design and develop user-facing security features, such as multifactor authentication and fraudulent log-in detection." The job listing also says that the new engineer's work will "directly impact the security of hundreds of millions of Twitter users."

Other companies have been gradually introducing multi-factor authentication in the past few years. These include Google, Facebook, Yahoo, Amazon Web Services, Dropbox, Blizzard's Battle.Net, and Valve's Steam.

The security measure works in conjunction with users' username and passwords, requiring a third factor of authentication in the form of entering information from a hardware or software token, or a message received via SMS. Unlike regular passwords, the additional factor of authentication is only valid for a short period of time and cannot be chosen by the user. This eliminates the ability for attackers to brute force the additional code and saves users from making poor token selection choices.

Twitter's security has only recently been tested by hackers that Twitter claims were "extremely sophisticated." Over the weekend, it was forced to reset the passwords of over 250,000 users. It wrote on its blog that it "detected unusual access patterns that led to us identifying unauthorized access attempts to Twitter user data," including one attack that was still "live" upon discovery.

Editorial standards