ThreatMetrix’s Chief Product Officer Questions the Effectiveness of Two-Factor Authentication in Protecting Twitter Users
With successful hacks on Burger King’s, The Onion’s and the Associated Press’ Twitter accounts, Twitter has added another layer of security called login verification.
According to the piece on Mashable by Samantha Murphy, “The two-factor authentication is SMS-based, which means Twitter sends a code in a text message to users’ phones each time they want to log in. The code is generated when someone tries to log in; the code changes after each login attempt.”
Security expert Derek Halliday observed that, “Two-factor authentication is especially crucial for Twitter accounts that represent a brand, high-profile person or organization, and the management of those accounts should make it mandatory…. As with any security measure, there’s no silver bullet to prevent all hacks, but if people adopt safety precautions, the risk can be minimized.”
Google, Facebook, PayPal et al. already offer users the option of two-factor authentication. Now Twitter has decided to follow suit, though many social media brand managers may not be enthusiastic about the move.
Security professional Amber Gott, who strongly approves of Twitter’s two-factor authentication, can see the social media brand managers’ point of view. “It’s true that you’re adding a few seconds to the login process, and you have to ensure you have access to the correct device or email account in order to complete the login.”
While Alisdair Faulkner, ThreatMetrix’s chief products officer, agrees that two-factor authentication can’t hurt, he believes much more is required to protect accounts from hackers. “Two-factor verification can be like airport screening: It is inconvenient (and) everyone in the security industry knows it has holes. (But it) can give people a sense of protection.”
Faulkner added, “If adopting (two-factor authentication), the average user should start with protecting their email account. Email is the number one target for hackers because it is where the majority of password reset links are sent.” Gmail is one of the email services offering two-factor authentication.
Another security expert, Ali Reza Manouchehri, advises that companies be wary of third-party apps on Twitter. “If you want to use a third party app to tweet for you, you’re giving that service access to your account. Companies should put controls in place to identify apps that are approved through a vetting process and require that all employees follow those processes.”
Sounding a cautionary note similar to Alisdair Faulkner’s, Manouchehri adds, “No security is ever perfect and there’s always more that can be done.”
ThreatMetrix is the fastest-growing provider of integrated web fraud and cybersecurity solutions. The TrustDefender™ Cybercrime Protection Platform helps companies prevent unauthorized access to web and mobile applications, protect sensitive data, and secure transactions against account takeover, payment fraud, identity spoofing, malware, and data breaches. ThreatMetrix protects more than 1,500 customers and 8,500 websites across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government, and insurance. For more information, visit www.threatmetrix.com or call 1-408-200-5755.
To join in the cybersecurity conversation, follow us on Twitter @ThreatMetrix.