Twitter Inc unveiled technology to boost
security for its users, following a spate of
attacks on accounts of prominent media
outlets including the Associated Press, the
Financial Times and The Onion.
The micro blogging site, which transmits some
400 million messages a day, said on Wednesday
that it had begun rolling out an optional "login
verification" service to thwart hackers seeking
to hijack accounts with stolen passwords.
Security experts welcomed the move as a
positive step toward securing a service that is
widely used by consumers, political activists,
advertisers and news outlets around the globe
to quickly exchange information.
Twitter had come under fire over the past year
for failing to offer such an option, which is
known as two-factor authentication, amid a
surge in breaches of high-profile accounts.
That criticism intensified in April after a fake
tweet about a non-existent White House
explosion sent from the Associated Press
account briefly roiled U.S. financial markets.
"It's been a long time coming," said Jeremiah
Grossman, chief technology officer of White
Hat Security. "It's not going to solve all
problem, but it's a step in the right direction."
When users log in to Twitter via a web
browser, they must confirm their identity by
entering a six-digit code that Twitter delivers
to their smartphones. To access the service
through applications for PCs and smartphones,
users must use an automatically generated
temporary password for each of the programs.
Twitter described the offering in a blog post,
reminding users that they still need to use
strong passwords to keep accounts secure.
The approach is similar to security tools
previously introduced by other Internet
services from companies including Facebook
Inc, Google Inc and Microsoft Corp.
"This would have made the AP hack and other
hacks against Twitter more difficult to
accomplish," said Jeffrey Carr, CEO of cyber
security firm Taia Global Inc.
Yet he added that hackers looking to break into
corporate accounts will still be able to do so if
they can take control of PCs or smartphones
running applications authorized to use the
service.
"Two-factor authentication isn't perfect," Carr
said. "If you own the machine, it really doesn't
matter."
Machapisho
Hakuna maoni:
Chapisha Maoni