Twitter’s Solution to Hacking: Two-Step Authentication

Twitter's two-step authentication Shutterstock: JMIKs[/caption]

It’s been a hectic few weeks for Twitter, with the acceleration of false allegations from the Boston bombing and repeated high profile hacking incidences drawing national attention.

The Associated Press most recently fell victim to the attacks, admittedly led by the Syrian Electronic Army, or SEA, who sent out a tweet reading “Breaking: Two Explosions in the White House and Barack Obama is injured.” In a matter of seconds, the Twittersphere responded and the falsely reported news spread like wildfire across the Internet, having both digital and real-world implications.

In less than 140 characters, Twitter rocked the stock market, leading to a 100 point drop in the Dow Jones Industrial Average. While the stock market recovered almost as fast as it plummeted, the panic that ensued illuminates a fascinating — and potentially dangerous — effect of an SEC decision made earlier this month.

In a press release dated April 2, the Securities and Exchange Commission (SEC) gave companies and investors the green light to share key information on social media sites. Recognizing that “most social media are perfectly suitable methods for communicating with investor,” the decision signifies the growing importance of social media in company relations with investors.

This means it is now OK for companies to share valuable information and data with investors in a click of a button, a practice that has empirically had a substantial effect on the stock market.

With power comes great responsibility, however, and thus arises the need for security and verification. Recognizing the need for increased security on the social media site, Twitter sent out a memo earlier this week warning companies of the dangers of outside attacks.

“There have been several recent incidents of high-profile news and media Twitter handles being compromised,” Twitter said in the memo. “We believe that these attacks will continue, and that news and media organizations will continue to be high value targets to hackers.”

Its solution is two-step authentication. Initially reported by Wired, Twitter has already conducted internal testing on a system that would require an extra code to be entered to access one’s Twitter account. While Twitter has not officially announced a timeline for the service, reports indicate that the two-step authentication would send the additional code either as a text message or email.

Had this already been in place, last week’s AP hacking would have likely been prevented. According to AP, the hackers probably gained access by using phishing attacks, meaning somebody with access to the account likely clicked on a link inside an “impressively disguised” phishing email.