News Ticker

Twitter updates is 2-factor authentication security system


In May, Twitter started offering users an optional way to make it harder for intruders to break into their account but it also makes it a bit harder for you to sign-on. It’s called “two-factor” authentication and — initially — was similar to methods used by Facebook and Google.

Two-factor authentication is a bit like an ATM card — you have a physical card and a secret personal identification number (PIN). Used together, they let you take money out of your bank account. Without the card, the PIN is useless and vice versa.

Twitter, Google and Facebook all require that you have your mobile phone handy. The system introduced by Twitter in May sends you a text message with a special one-time-only code when you try to log on.

Twitter on Wednesday introduced a new version of its smartphone app designed to make two-factor authentication a bit easier. It now uses “push messaging and in-application approvals,” so you no longer need to provide a phone number or rely on a text message. Once you activate it, every time you try to log on to Twitter you get a message saying “we’ve sent a login verification request to your phone.” You then have to launch the Twitter app to authorize access.

The biggest problem, of course, is if your phone is missing or isn’t working. Allthe companies send you a backup backup code  but only if you can remember it or find it. It’s unlikely most people will remember that random string of digits, so if you ever do find yourself with a dead or missing phone, you had better have that code handy.

Another option is to contact Twitter’s support team, which, according to a Twitter spokesperson, has ways to authenticate you and get you back in. But it’s not going to happen instantaneously.

This post contains some material from an upcoming column that will appear in the San Jose Mercury News.