0
Buried in an announcement Tuesday, Twitter said it will now support physical security keys for login verification, making it far more difficult to break into a user’s account.
Known as universal two-factor (U2F) devices, these small keyring-sized devices that you can take anywhere add an extra layer of security to supporting services. Unlike a text message code sent to your phone that can be intercepted and used, a universal two-factor keyfob requires a user to physically push a button to authorize a login.
Because an associated key will also only work on genuine Twitter pages, it still helps protect against fake phishing pages that try to steal your password.
(Image: file photo)
That can help prevent remote attacks from skilled attackers on the other side of the world.
Twitter said that in order to set up a physical two-factor key, that user’s account must be associated with a mobile phone number — another new measure that Twitter is requiring of all new accounts, the company said in a blog post.
“This is an important change to defend against people who try to take advantage of our openness,” said Twitter.
It’s part of a renewed effort by the social network to improve security and privacy by using machine learning technologies to automatically reduce malicious bots and spam across the site.
It comes just a few weeks after the company asked its entire 330 million users to change their passwords after a bug exposed users’ plaintext passwords.
Twitter is rolling out the new universal two-factor feature in stages starting Tuesday. Anyone with the setting enabled can use its support page to set up the new login verification setting.
The social networking giant isn’t the first company to roll out universal two-factor protections to its users. Google first made headlines by rolling out the feature as part of its so-called Advanced Protection Program, which helps protect against government-backed hackers.
Twitter said it has blocked more than 9.9 million potential spammy or automated accounts per week in May, the company said.
Got a tip?
You can send tips securely over Signal and WhatsApp at 646-755–8849. You can also send PGP email with the fingerprint: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.
Read More
ZDNET INVESTIGATIONS
Researchers say a breathalyzer has flaws, casting doubt on countless convictions
Lawsuits threaten infosec research — just when we need it most
NSA’s Ragtime program targets Americans, leaked files show
Leaked TSA documents reveal New York airport’s wave of security lapses
US government pushed tech firms to hand over source code
Millions of Verizon customer records exposed in security lapse
Meet the shadowy tech brokers that deliver your data to the NSA
Inside the global terror watchlist that secretly shadows millions
198 million Americans hit by ‘largest ever’ voter records leak
Britain has passed the ‘most extreme surveillance law ever passed in a democracy’
Microsoft says ‘no known ransomware’ runs on Windows 10 S — so we tried to hack it
Leaked document reveals UK plans for wider internet surveillance
Related Topics:
Security TV
Data Management
CXO
Data Centers
0