May 24, 2013
Twitter’s Two Factor Authentication May Not Help Those Who Need it Most
There are a multitude of vulnerabilities for brands in social media and none so famous perhaps as the recent hack of the Associated Press Twitter account, which had a lot of people in the media pointing fingers at Twitter for not having a more secure platform.
Many called for two-factor authentication, like Facebook offers. With this feature enabled on your account, you must enter a code that is texted to your cellphone when you attempt to log in.
This week Twitter announced that it has now added that very feature.
Per Twitter’s instructions, you can enable the new security feature in three simple steps:
1) Visit your account settings page.
2) Select “Require a verification code when I sign in.”
3) Click on the link to “add a phone” and follow the prompts.
However, if you share management of a brand Twitter account, this new verification process may not work for you. Ask yourself: whose cell phone number is going to be attached to the account, and how certain are you that that person and ‘their cell phone’ will be available each time the code is needed?
Jim O’Leary on Twitter’s product security team states on Twitter’s blog, “With login verification enabled, your existing applications will continue to work without disruption. If you need to sign in to your Twitter account on other devices or apps, visit your applications page to generate a temporary password to log in and authorize that application.”
That sounds good. Most brands use a third-party application like Hootsuite to manage Twitter. But sometimes authorization fails. Sometimes you need to delete an erroneous tweet quickly. Sometimes you get a new laptop, and what if the person with the cell phone attached to the account is traveling? I can think of too many reasons why I don’t want one of our brand accounts attached to a single person’s cell phone. Not the least of these is that if an account is hacked, the person on your team who is able to act quickly to log in and change the password may not be the person with the cell phone needed for the security code.
Twitter’s security solution is a start, but it’s not a solution that will work for all, and certainly not in all situations.
In truth, the bigger problem to be addressed may be internal. Educating employees not to click questionable links in emails may be in order. The Onion, which was recently hacked, kindly shared exactly how the attackers got in. It all started with an employee clicking on a link in an email that should have been questioned. The AP admitted that it was hacked similarly, because an employee clicked on a link that came in an email.
What should we be doing until all social networks are secure from hacking and the threat of spam emails has been eradicated? As marketing and PR professionals managing brand social media accounts, we should all be having serious and hopefully productive conversations with our information security officers, as well as keeping ourselves educated on what the current threats are.
Information and awareness are essential.
Victoria Harres is VP, Audience Development & Social Media at PR Newswire, the main voice behind @PRNewswire, social media lead for @Business4Better and a frequent speaker and writer on social media for business.