Twitter is looking to invest in increased security following the hacking of 250,000 accounts over the weekend, as the social network looks for a software engineer to create multi-factor authentication.


Two-factor (or multi factor, as Twitter calls it) authentication means that it would be impossible for a hacker to gain remote access to your account, even if they knew the password, because every time the account is accessed from an unfamiliar device the account owner is informed and challenged with an automated text message.

Google already has two-factor authentication with Gmail, preventing you from accessing your account from an unrecognised device without you entering your password along with a numerical code sent to you by text; the hacker would need your password and access to your phone before the account could be compromised.

However this is not the default setting on Gmail and has to be enabled by each user.

The Twitter job listing for a software engineer in product security is based at the company's San Francisco offices and lists under opportunities: "Design and develop user-facing security features, such as multifactor authentication and fraudulent login detection."

On 1 February Twitter announced that it had been the victim of a cyber attack in which 250,000 account passwords were compromised. Passwords for the affected accounts were reset by Twitter, and emails sent to users, prompting them to create a new password.


"This attack was not the work of amateurs," Twitter said "and we do not believe it was an isolated incident. The attackers were extremely sophisticated, and we believe other companies and organisations have also been recently similarly attacked."

Days earlier, both the New York Times and Wall Street Journal announced that they had also been the victims of cyber attacks that compromised user accounts.

Twitter added that it was working with government and federal law enforcement authorities to trace those behind the attacks, and took the opportunity to remind its 200 million users to follow "good password hygiene" on Twitter and elsewhere on the web.

Graham Cluley, senior technology consultant at Sophos, told the Guardian that the added security would be "a splendid idea - I'm looking forward to it.

"It's something that we've wanted for some time. We've often said we would be prepared to pay for it - Twitter could monetise it by offering it to corporations and branded accounts. It would be pretty attractive."

There is no indication from Twitter that it plans to charge for added security - or indeed that multistage authentication is coming soon - but its growing appeal to brands, companies and personal users alike will no doubt make added security essential in future updates.