How to proceed after successful authentication?

Why doesn't Twitter offer two-factor authentication?

Google, Facebook and Twitter are widely used to authenticate users on a large number of other websites, which means if they are compromised any site that uses them for authentication may be compromised. Both Google and Facebook offer some form of multi-factor authentication--which goes a long way in protecting accounts even when the username and passwords are compromised. Twitter does not. Update: Apr 23, 2013, Wired confirms that Twitter now has two-factor authentication that is currently undergoing internal testing. http://www.wired.com/threatlevel/2013/04/twitter-authentication/?cid=7401184 Update: Apr 23, 2013, the Associated Press (AP) Twitter account was hijacked and used to report explosions at the White House and that the President had been injured, which subsequently led to 150-point drop in the Dow. TechCrunch reports that the hack was preceded by a phishing attempt. Needless to say, multi-factor authentication would have prevented yet another major hack. Update: In light of recent high-profile hijackings of Burger King and Jeep (and this follows a growing list of similar incidents that include NBC News, USA Today, and Fox News), Twitter's advice is to simply use better passwords--no talk of multi-factor authentication that would put an end to these hacks. Story here: http://arstechnica.com/security/2013/02/il0vethewhopper-doesn-cut-it-twitter-calls-for-tougher-passwords Update: Twitter was recently hacked and the company says that up to 250,000 user accounts may have been accessed with usernames, email addresses, session tokens, and password hashes stolen. It seems Twitter could substantially reduce the risk to user accounts in circumstances like this by simply offering two-factor authentication. Story here: http://www.wired.com/threatlevel/2013/02/twitter-hacked/
Answer:

Because it would cause great confusion across their user base It implies that Twitter is insecure - very bad for PR Social login is probably a poison chalice issue with Twitter's Managment To implent you own 2FA on Twitter: Use HootSuite Open GMail account Implement 2FA with Google's Authenicator - https://support.google.com/accounts/bin/answer.py?hl=en&topic=1056283&answer=180744&rd=1 Change your Twitter password to something you cannot remember Open a Hootsuite account with your GMail account Bind your Twitter to your Hootsuite account Change your Twitter password on a weekly/monthly basis

Was this solution helpful to you?

Other answers

Twitter offers two-factor authentication as of May 22, 2013. Here's a short excerpt from the https://blog.twitter.com/2013/getting-started-login-verification where they introduce the feature: Every day, a growing number of people log in to Twitter. Usually these login attempts come from the genuine account owners, but we occasionally hear from people whose accounts have been compromised by email phishing schemes or a breach of password data elsewhere on the web. Today weâ€™re introducing a new security feature to better protect your Twitter account: login verification. This is a form of two-factor authentication. When you sign in to http://twitter.com, thereâ€™s a second check to make sure itâ€™s really you. Youâ€™ll be asked to register https://support.twitter.com/articles/110250-adding-your-mobile-number-to-your-account-via-web and a https://support.twitter.com/articles/97942-confirming-your-email-address. To get started, follow these steps: Visit your https://twitter.com/account/settings page. Select â€œRequire a verification code when I sign in.â€ Click on the link to â€œadd a phoneâ€ and follow the prompts. After you enroll in login verification, youâ€™ll be asked to enter a six-digit code that we send to your phone via SMS each time you sign in to http://twitter.com. With login verification enabled, your existing applications will continue to work without disruption. If you need to sign in to your Twitter account on other devices or apps, visit your applications page to generate a temporary password to log in and authorize that application. Of course, even with this new security option turned on, itâ€™s still important for you to use a strong password and follow the rest of our advice for keeping your account secure. This release is built on top of Twitter via SMS, so we need to be able to send a text to your phone before you can enroll in login verification (which may not work with some cell phone providers). However, much of the server-side engineering work required to ship this feature has cleared the way for us to deliver more account security enhancements in the future. Stay tuned. Source: https://blog.twitter.com/2013/getting-started-login-verification

Dan Loewenherz

Related Q & A:

Why doesn't ClickOnce in Visual Studio deploy content files from dependent assemblies?Best solution by Stack Overflow
Why doesn't my PHP function work as expected?Best solution by Stack Overflow
Why doesn't MySQL upload my data properly?Best solution by php-mysql-tutorial.com
Why doesn't the messenger load?Best solution by Yahoo! Answers
Why doesn't Google or YouTube offer live customer service?Best solution by Quora

Just Added Q & A:

How many active mobile subscribers are there in China?Best solution by Quora
How to find the right vacation?Best solution by bookit.com
How To Make Your Own Primer?Best solution by thekrazycouponlady.com
How do you get the domain & range?Best solution by ChaCha
How do you open pop up blockers?Best solution by Yahoo! Answers

For every problem there is a solution! Proved by Solucija.

Got an issue and looking for advice?
Ask Solucija to search every corner of the Web for help.
Get workable solutions and helpful tips in a moment.

Just ask Solucija about an issue you face and immediately get a list of ready solutions, answers and tips from other Internet users. We always provide the most suitable and complete answer to your question at the top, along with a few good alternatives below.