Twitter today launched a feature that will allow users to opt into two-factor account authentication on the service.
Users who turn on the feature will receive an access code on their smartphone by SMS text message each time they attempt to log in to Twitter, and they will be required to enter that code to access their accounts.
The company was pressured earlier this month to support more-secure login features, after several high-profile media accounts, including one belonging to the Associated Press, were hacked.
But security on the site has been a problem for Twitter since it first became popular, according to Sophos Security researcher Chester Wisniewski.
The SMS text approach to account security has a couple of limitations, Wisniewski said. First, some carriers don’t deliver SMS texts generated in this way. And, second, it’s not a practical solution for high-profile users like those whose accounts were recently hacked. Enterprise and celebrity accounts usually have multiple users, only one of whom has the phone whose number is linked to the account.
“To do this properly, Twitter needs to go in the direction of Google+ and Facebook. They allow for ‘company’ accounts and then assign regular users to be administrators. No shared passwords, and everyone can use two-factor,” said Wisniewski.
Twitter indicated that it will likely roll out other means of beefing up account security.
“Much of the server-side engineering work required to ship this feature has cleared the way for us to deliver more account security enhancements in the future,” the company said.