Financial Times

Twitter Introduces Two-Step Authentication

Twitter has finally introduced two-factor authentication to more securely protect accounts, the company announced Wednesday.

The move comes after a number of hacks of high-profile Twitter accounts, including The Onion, the Associated Press and E! Online. Jim O’Leary from Twitter’s product security team announced the new feature via a blog post, saying it is in response to accounts “occasionally” being compromised by phishing schemes or password breaches on other sites.

Twitter is calling the new feature “login verification.” It works similarly to other two-factor authentication systems, especially Google’s: After the account holder logs into an account, Twitter will send a special code to the user via SMS text message that the person must enter to gain access to the account.

Users can enable login verification via their Twitter settings page. You’ll need both a confirmed email address and a verified phone number on your account to use the feature, and the system will send a test message to finish the activation.

Importantly, apps that you’ve linked to Twitter will continue to work “without disruption,” O’Leary wrote. For apps other than a browser that require you to log into Twitter, you’ll need a one-time password, available on Twitter’s application page (this is also similar to how Google two-factor authentication works).

Twitter built login verification out of its Twitter for SMS feature, which has been around almost since the service debuted. O’Leary says the work the company put into the new feature will enable more security enhancements in the future.

Calls for Twitter to introduce some kind of two-step verification service grew louder after account hacks became a frequent occurrence. Besides the companies mentioned earlier, the BBC, the Financial Times, Burger King and Donald Trump have all experienced Twitter hacks in recent months.

Currently it’s not available in UK/France

Update 25-May-13 10:54PM: This feature is now available in the United Kingdom, you will need to add a phone to your Twitter account to enable this feature.