Skip to main content

Notes on Twitter's two-factor authentication

Welcome to club.

We're glad to see Twitter moving away from SMS, which has numerous defects to an authentication system that uses public key cryptography. Since WiKID was founded over 10 years ago, we have believed that asymmetric encryption is the best way to do authentication in the connected world.

I have enabled it on one of my accounts - oddly, I was not able to verify my email on another. It is pretty slick and easy to use. But, I foresee some potential issues.

First and foremost, this will not help the major brands and advertisers. Big news organizations and brands have more than one person managing a Twitter account. A good number outsource it to a marketing/communication firm. There is no single phone that can be used. At least two of our customers provide this type of functionality using our API. A large email management service has used our API and tokens to secure multi-person control of accounts. Online Banking Solutions uses our API to allow banks to enable their customer to use two-factor authentication, making the banks the identity providers and pushing control closer to the decision makers. (They have also embedded our tokens into their client.)

Secondly, one of the things we like about using public key cryptography for two-factor authentication is that it makes is very easy to have more than one token per user. So, I am disappointed that I cannot use both my phone and my tablet as tokens.

Third, while I see this as minor, my authentication request came in from Montvale, NJ, no where near my location, but obviously a POP of my ISP. People will probably become immune to this. It could be an issue, but this isn't a bank web site (and sadly, banks don't have this level of security).

All that being said, I think this is a great consumer-facing two-factor authentication feature for Twitter.

Current rating: 1

Recent Posts

Archive

2024
2022
2021
2019
2018
2017
2016
2015
2014
2013
2012
2011
2010
2009
2008

Categories

Tags

Authors

Feeds

RSS / Atom