Twitter Tweaks Password Security as Account Hacks Continue
Twitter has updated its password security to make the recovery of credentials easier and to block suspicious behaviour more effectively, in a bid to address the increasing number of high-profile account hijackings.
 
Twitter, the microblog giant, revealed in a blog post on Thursday 8th May that it was rolling out two major enhancements.
 
The first will give users who have lost or forgotten their passwords more options during the reset process. Specifically, it’ll mean they can have the reset information sent to either an email or a phone number associated with their account.
 
“That way, whether you’ve recently changed your phone number, or are traveling with limited access to your devices, or had an old email address connected to your Twitter account, you’ve got options,” wrote Twitter product manager, Mollie Vandor.
 
She also claimed Twitter has made unspecified improvements to ease the password reset process on Android or iOS devices, and has added “customized tips” to help users strengthen their log-in credentials.
 
The second major improvement involves a new back-end system to help mitigate the problems that ensue from users re-using passwords across multiple sites – which it said can lead to stolen passwords being used to illegally access Twitter accounts.
 
“To protect your account in this scenario we built a system that analyzes login attempts on your account — by looking at things like location, device being used and login history — and identifies suspicious behaviour,” wrote Vandor.
 
“If we identify a login attempt as suspicious, we’ll ask you a simple question about your account — something that only you know — to verify that your account is secure before granting access.”
 
Twitter said it will also send an email in those instances to inform the account holder that suspicious activity has been detected, in case they need to update their log-ins.
 
May alone has seen a steady stream of high-profile account hijackings, including those belonging to the Wall Street Journal, Tottenham Hotspur football club and British National Party chairman Nick Griffin.
 
Twitter has on occasion also been its own worst enemy. In March the firm issued an unspecified number of password reset notices, which later turned out to be a massive false alarm after it admitted they were sent out “due to a system error”.