Twitter, after disclosing a hack to its systems late last Friday, is now said to be considering stricter security measures on the site. A report from the Guardian noted that a company job posting mentions developing “multifactor authentication,” a process that increases security by asking users for more than their password at log-in.
Multifactor authentication, most often called two-factor authentication, has users log in as they normally do, but if they are logging in from a new device or location, it also asks them to enter a second code that is sent to something they are sure to have with them. In most cases, this is a code texted to the user's phone. Other companies, such as Google and Facebook, already offer users the option, which can be activated in their respective security settings.
Twitter spokeswoman Carolyn Penner said the company didn’t have anything specific to share about its plans at this time.
The micro-blogging service sent e-mails to approximately 250,000 of its approximately 200 million users, telling them it had reset all affected accounts. Those who received an e-mail should change their password when prompted at the site, and should also remember to change the passwords of any account that may have shared log-in credentials with Twitter.
Twitter’s director of information security Bob Lord wrote that the company believes this attack had similarities to other prominent attacks on media organizations. “The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked,” he said.
Twitter also repeated some good tips for making passwords, such as using at least 10 characters and going for phrases that have a mix of numbers, symbols and capital letters. The company also advised users to disable Java in their browsers, though it did not specify whether the attack it experienced was due to a vulnerability in the nearly ubiquitous Oracle product. The U.S. Department of Homeland Security recently warned that users should disable Java in their browsers as a precaution against cyber attacks.