Twitter has finally implemented a two-factor authentication system following an embarrassing hack of the Associated Press’ Twitter account that briefly sent financial markets into turmoil.

The ease with which hackers compromised the AP account came as no surprise, as many Twitter accounts are regularly hacked due to weak passwords and a relatively lax security system that allows applications to post tweets without reconfirming credentials. Often a victim just needs to click on a link to give hackers full posting access to an account.

Last week Twitter took its first steps toward making accounts more secure by turning on an optional two-factor authentication system. Two-factor authentication secures an account with a username and password and also requires the user to enter a code that is sent to a mobile phone once the password is correctly entered. Because the code is tied to a single mobile device that is presumably in the user’s physical control, a hacker will have a difficult time entering the account with the username and password alone.

The system is not as robust as Google’s two-factor system that we reviewed last fall, but Twitter’s new system does make significant progress towards making the popular social networking service more secure.

When implemented, Twitter’s system requires the mobile device code not only for logging in through the website but also for authorizing new applications to post on the service. The user will need to go to Twitter’s website (after verifying their credentials with the two-factor system) and generate a special password to authorize the application. While this adds a burden for users, it does make the account significantly more secure, given that the mobile device must be in the user’s possession. It’s great for accounts where multiple users have access to posting, as only the account administrator can authorize new applications.

The system is not without its flaws, as security researchers point out. A skilled hacker who is determined to take over a specific user’s account can figure out a way to circumvent the system using SMS spoofing (provided they know the mobile number of the account holder). But most users are not specifically targeted and often find themselves compromised after clicking links randomly sent to their account.

The new security layers are an optional feature and must be enabled on each account. Twitter only allows one mobile phone per account, so those managing multiple accounts will need to come up with an alternative phone number for each account they control. One solution is to use a Google Voice account as a phone number.



Lon Seidman is the host and producer of “Lon.TV,” a consumer technology video show that is on a number of platforms including YouTube and Amazon. He creates in-depth, consumer-friendly product reviews and commentary. His YouTube channel has over 300,000 subscribers and more than 100 million views.

In addition to being a full-time content creator, Lon is an adjunct faculty member at the University of Hartford (his alma mater) where he teaches a course in entrepreneurial content creation.

Prior to becoming a full-time creator, Lon was a partner at The Safety Zone, his family’s business that manufactures gloves and safety equipment. The company has locations around the globe and employs over 200 people worldwide. The Safety Zone was acquired by the Genuine Parts Corporation in 2016.

Lon is also active in public service, serving as the Chairman of the Essex Board of Education, a member of the Region 4 Board of Education, and as the Secretary / Treasurer of the Connecticut Association of Boards of Education. He was endorsed by both Democrats and Republicans for his re-election in 2021.
