Twitter Looks to Kill Passwords

Twitter is tackling the problem of users juggling too many hard-to-remember passwords by simply getting rid of them.

The social micro-blogging service has announced a new user-onboarding scheme for mobile app developers, which allows users to sign up or sign into an app using their phone number and two-factor authentication. It’s called Digits.

Essentially, a user signs up or signs in with a phone number and then receives an SMS code as the second step of authentication. The company is making the function available to all developers as a back-end offering, unrelated to the global twitterverse that it oversees. Mobile functionality comes first, with web APIs to follow later.

Jason Hart, vice president of cloud solutions at SafeNet, told Infosecurity that the move is an encouraging step towards better overall app security.

“Twitter’s announcement of a new text message-based initiative clearly indicates the move towards increased security measures over social media,” Hart said. “Today we have so many passwords to remember that we tend to opt for easy-to-guess passwords, use the same passwords for several accounts, or even write down passwords where they can be easily found. Therefore, organizations need to look for alternative ways to authenticate users and bolster security. This means not relying on basic username and password for customer authentication and adopting a holistic security strategy that offers multiple layers of protection, such as one-time password (OTP), multi-factor authentication and encryption.”

For Twitter, it’s a significant effort to encourage app security while increasing the value proposition for developers to innovate.

“Building an onboarding flow that encourages users to sign up for your app can be challenging,” the company explained on the Digits site. “Many people are cautious to give up their entire social history to an app they just downloaded, and email and password log-ins as a last resort are cumbersome. With Digits, you can make your onboarding flow dead simple for your users by enabling them to log-in and signup using their phone number — an identity that they already use every day.”

Twitter pointed out that, especially in emerging markets where mobile phones may be a user’s only connection to the internet, phone numbers are the primary identity for most people. In fact, places like Africa, Latin America and undeveloped parts of Asia account for over 70% of the world’s mobile population.

“But if you’re not paying attention to emerging markets, you’re missing out on a lot more people,” said Digits product manager Michael Ducker, on stage at the event. “There are 940 million phones – smartphones – that are going to be sold this year in emerging markets. That’s three times the market for your apps.” 300 million people are buying a smartphone this year in the U.S. and Europe, he added.

Accordingly, Twitter is offering phone verification in 191 countries and built-in support for 28 languages.

“By using our SMS verification in lieu of passwords, you can minimize both support costs and sign-in failures—all while keeping your users happy and your app growing,” Twitter said. “Phone-based onboarding has been limited to large companies who can afford the time to build the infrastructure to deliver SMS—until now. With Digits, you gain the same level of security and SMS capabilities by simply plugging into Twitter’s own trusted, global infrastructure.”
