Much-hacked social networking site Twitter has finally introduced two-factor authentication in a bid to cut down on the hijacking of accounts.
The move follows a string of hacks of high-profile accounts by groups such as the pro-government Syrian Electronic Army, which hijacked the Twitter newsfeed of Associated Press and broadcast a string of false tweets.
One of these tweets alleged that US President Obama had been injured in a bomb attack at the White House, instigating a brief but sharp dip in US stock prices. The BBC, the Guardian and the Financial Times have also been affected.
In response, Twitter has announced that it will soon offer two-factor authentication using mobile phone verification. Two-factor authentication adds a second level of authentication on top of a password, typically something that ought to be in the possession of the legitimate account holder, such as a SecurID token or a passcode sent to their mobile phone.
In a blog post, Twitter has outlined how its more secure authentication system will work.
"This release is built on top of Twitter via SMS, so we need to be able to send a text to your phone before you can enrol in login verification (which may not work with some cell phone providers). However, much of the server-side engineering work required to ship this feature has cleared the way for us to deliver more account security enhancements in the future," wrote Jim O'Leary, a member of the product security team, in the blog.
Two-factor authentication is offered as an option by a number of online services, including Google's Gmail, Microsoft's Outlook, Ymail, Facebook, Apple iCloud and Dropbox.