Wednesday, 29 May 2013

Twitter Two-factor Authentication - a warning

Twitter has recently rolled out Two-Factor (or Two-Step) verification for logging into accounts. This is after a large number of high-profile hacks recently (BBC, The Telegraph, The Guardian. Financial Times), as well as many that didn't get lots of attention. A video about their implementation of 'login verification' can be seen on their blog here.

Why it might not work for teams

I am sceptical that this form of protection will do much for the companies that are targeted. Firstly, it requires having a mobile number set up on the account. How do multiple journalists in a company the size of the BBC, for example, post 24 hours from anywhere with only one mobile able to verify their identity? Many companies may choose to leave this new feature switched off to enable to teams to have continued access.

This is also due to the second problem they could face. Twitter only allows a mobile number to be associated to ONE Twitter username. So, again using the BBC example, there would need to be different mobiles (that you can't lose) for @BBCBreaking, @BBCNews, @BBCWorld, @BBCSport, @BBCworldservice, @BBCPolitics, etc etc etc.

Why it won't work for me

My mobile phone provider, EE, has the most subscribers in the UK (26.1million Dec 2012). Yet when I tried to enable login verification on my Twitter account EE was not an option, neither was T-mobile who they amalgamated with Orange.

Orange was on the list but, and here's the warning, if you try this when you are a new EE subscriber or formerly a T-mobile customer, rather than an EE-formerly-Orange-customer IT WON'T WORK AND YOU WILL BE LOCKED OUT OF YOUR ACCOUNT. Why this is, when Orange is part of EE, I don't know and there doesn't seem to be too much written about it on the web. For now I will just have to hope Twitter will work on and make a different authentication process available.

No comments: