Twitter was hacked last week, and the passwords of around 250,000 accounts were compromised. Being hacked isn’t fun, and apparently Twitter wants you to use 2-step authentication to log in to your timeline. A job listing posted by Twitter suggests the company is hiring software engineers to develop “user-facing security features, such as multifactor authentication and fraudulent login detection.”
Right now Twitter uses OAuth as its authentication protocol. This protocol prevents attackers from recording and replaying session information in an attempt to hijack open user sessions. Twitter also uses SSL (Secure Sockets Layer) encryption to pass user credentials securely from Web browsers to its servers.
Google uses 2-step authentication for logging in to your Google account. It adds an extra layer of protection, because a hacker who wants to get into your account must also have read access to your smartphone. Microsoft has implemented a similar function in its services. It blocks activity from an IP address or unknown device. You can always add a device to the trusted device list, and the feature really helps protect you from hacking, as nobody can access your account without your phone.
But two-factor authentication isn’t a cure-all for user security. For example, in the case of Wired’s Mat Honan, attackers were able to use publicly available information to convince Apple they were Honan so they could “recover” his account and reset his Apple ID passwords. Hackers gained access to his Twitter accounts and Gizmodo’s Twitter account in the process. Account recovery allows users to use an e-mail address to reset their account information if they have lost or forgotten their password, but it also allowed the hackers to gain access to Honan’s Gmail account, as his alternate account was his Apple e-mail address.