Yesterday’s announcement from Twitter that it will be adopting a mobile phone-based system of two-factor authentication feels like a landmark of sorts.
This is not because it is a ground-breaking use of technology: Gmail, Facebook, Outlook and Hotmail are all employing similar systems and have done so for some time, while online banking has used mandatory ‘2FA’ for a number of years. Firstly, the announcement is significant because it recognizes the value and the importance of Twitter, and the potentially devastating consequences of a security breach. Secondly, Twitter had felt like the last remaining major platform which had hitherto ignored the need for stronger security, and its falling into line seems to signal 2FA’s mainstream acceptance.
It has been widely reported that this move is a direct consequence of a recent hack of the Associated Press’ Twitter account by a group named the Syrian Electronic Army. The resulting tweet (which claimed that President Obama has been injured by a bomb blast) caused stock markets to dip, albeit temporarily, and it is this which may finally have prompted Twitter’s executives into action. The move to 2FA shows that, whilst Twitter may once have been seen as a means of exchanging trivial messages with friends, it is now big business, and security breaches can have big repercussions.
Other recent innovations, such as a tie-up with Amex which will allow users to make payments using a hashtag, suggest that the microblogging pioneer it is starting to take its commercial aspirations more seriously. With more revenue to be generated through advertising and other partnerships, Twitter may have realised the importance of watertight security when selling its services to major brands.
It is this realization which has brought Twitter into line with its peers, and for that it should be commended. Yet it must still be pointed out that two-factor authentication is opt-in, rather than mandatory. The number of people who will choose to take up the offer of stronger authentication remains to be seen, but it would seem to be something that will appeal to a minority of the user base: businesses and celebrities, rather than everyday users.
The next step in bringing stronger authentication to the mainstream will be making 2FA a mandatory requirement. It will be a bold step from the provider which decides to do this first, but with online identities becoming more valuable, it also seems inevitable.