It's Time for Twitter to Implement Two-Step Verification (UPDATE)

Man hacking laptop
Man hacking laptop

Two-step authentication: I'll admit it can sometimes be annoying from the user perspective. But the peace of mind of the added security outweighs that.

For those who don't know, two-step verification means you have to verify you are the rightful owner of an account in an additional way -- besides just entering a password. In most cases, it means syncing a mobile device you own, and you'll receive a code by text when you try to sign in. That code changes each time you try to sign in from a new device, or when a device you own has its cache cleared.

It's time for Twitter to implement it. The platform has had its fair share of hacks in recent months (remember when Burger King was sold to McDonald's)? Just yesterday, FIFA World Cup and FIFA Chief Sepp Blatter had their official accounts hacked. This past weekend, CBS said the official Twitter accounts for its shows 60 Minutes and 48 Hours had been hacked.

But today the Associated Press - a gold standard of the news business - suffered from an attack. In the process, it reported (briefly) to its nearly 2 million Twitter followers that the White House had been attacked. According to the Wall Street Journal, the impact of that tweet was even felt on the stock market! This is serious.

Most of the time, as Christopher Mims writes for Quartz, Twitter accounts are hacked because of weak passwords. Twitter itself has repeatedly issued reminders about using strong passwords. The implementation of two-step verification can also help keep accounts secure.

Google offers two-step verification. Facebook does too. Dropbox, Yahoo Mail, Amazon and some other sites incorporate it as well.

Microsoft just started rolling out two-step verification for email and its services within the past week. It's time to implement it on Twitter.

In the past, Twitter has said it's "explored two-factor authentication." In fact, a Twitter job listing in February made it seem like this was going to happen. For now, there's nothing definitive about it though; it's just speculation. It should happen though for the safety of Twitter users.

It's important to note that two-factor authentication doesn't prevent all attacks, as outlined by Michael Lee for ZDNet here. But it would certainly go a long way to making Twitter more secure.

UPDATE: Mat Honan reports for WIRED that Twitter has a working two-step security solution in testing and it hopes to roll it out soon.