The Washington Post

Twitter said to mull stricter on-site security

An illustration picture shows the log-on icon for the Twitter Web site on an iPad in Bordeaux, southwestern France, in this Jan. 30, 2013 file photo. (© Regis Duvignau/Reuters)

Twitter, after disclosing a hack to its systems late last Friday, is now said to be considering stricter security measures on the site. A report from the Guardian noted that a company job posting mentions developing “multifactor authentication,” a process that increases security by asking users for more than their password at log-in.

Multifactor authentication — most often called two-factor authentication — has users log in as they normally do, but if users are logging in from a new device or location, it also asks them to input a second code that’s sent to something they’re sure to have with them. In most cases, this is a code texted to a user’s phone. Other companies, such as Google and Facebook, already offer users the option, which can be activated in their respective security settings.

Twitter spokeswoman Carolyn Penner said the company didn’t have anything specific to share about its plans at this time.

The micro-blogging service sent e-mails to approximately 250,000 of its approximately 200 million users, telling them it had reset all affected accounts. Those who received an e-mail should change their password when prompted at the site — and also remember to change the passwords of any account that may have shared log-in credentials with Twitter.

Twitter’s director of information security Bob Lord wrote that the company believes this attack had similarities to other prominent attacks on media organizations. “The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked,” he said.

Twitter also repeated some good tips for making passwords, such as using at least 10 characters and choosing phrases that have a mix of numbers, symbols and capital letters. The company also advised users to disable Java in their browsers, though it did not specify whether the attack it experienced was due to a vulnerability in the nearly ubiquitous Oracle product. The U.S. Department of Homeland Security recently warned that users should disable Java in their browsers as a precaution against cyber attacks.

Hayley Tsukayama covers consumer technology for The Washington Post.