Micro-blogging site Twitter has announced it will introduce a more secure two-step login system after several high-profile accounts were hacked.
Twitter accounts of The Financial Times, The Onion and the Associated Press (AP) have all been recently targeted by hackers. A tweet sent using the AP's account, alleging an explosion in the White House had injured President Barack Obama, caused the Dow Jones Industrial Average to drop 150 points as US markets were panicked by the news.
As well as the attacks on media publications, the information of 250,000 Twitter users, including email addresses, usernames and passwords, was accessed by what Twitter called "extremely sophisticated" hackers.
The new two-step verification allows Twitter users to add an extra security measure to their accounts. By accessing their Account Settings page, users can opt to have a unique six-digit passcode sent via text message to their phone every time they log in to Twitter.com. In order to access Twitter via smartphone or web browser applications, users can visit the Applications Page to generate a temporary second password for apps.
If you already use Twitter on your phone or tablet, or a client like TweetDeck on your desktop, the services will continue to work as normal, and only look for verification if you log out of them.
"Of course, even with this new security option turned on, it's still important for you to use a strong password and follow the rest of our advice for keeping your account secure," wrote Twitter product security head Jim O'Leary in the official Twitter blog.
Services like Gmail already have similar two-factor authentication in place, though like Twitter this system is opt-in rather than mandatory, which means many users simply don't use it.
Some security experts have criticised Twitter for using SMS messages as the method of verifying an account, with F-Secure's Sean Sullivan asking why Twitter didn't use authenticator apps to generate the codes needed. He points to Android malware which has the ability to catch and forward SMS messages - "quite useful in cracking two factor authentications."
Following the announcement that Twitter would introduce two-step login verification, Kim Dotcom, creator of file-sharing sites MEGA and Megaupload, claimed he had patented the technology under his birth name Kim Schmitz.
Google, Facebook, Twitter, Citibank, etc. offer Two-Step-Authentication. Massive IP infringement by U.S. companies. My innovation. My patent
— Kim Dotcom (@KimDotcom) May 22, 2013
Dotcom linked to a patent filed in 1997 for a "method for authorising in data transmission system." The patent relates to "a method and device for the authorisation in data transmission systems employing a transaction authorization number or a comparable password."
Dotcom, who is facing extradition to the United States on charges of copyright infringement, is now threatening to sue companies who use two-step authorisation, such as Google and Microsoft:
"I never sued them," he wrote on Twitter. "I believe in sharing knowledge & ideas for the good of society. But I might sue them now cause of what the U.S. did to me."