There were numerous reports last week about high-profile Twitter accounts being hacked (e.g., 60 Minutes, the BBC and the Associated Press).  While those are the ones being reported, any Twitter user has to be concerned about whether his or her account can, or will, be hacked.

As Matt Honan reports (, “Twitter Now Has a Two-Step Solution”; April 24), Twitter is appropriately concerned about these hacks and is doing something about it.  In his article, Mr. Honan reports that Twitter is now doing internal testing of a new two-step authentication process.

So what is this new approach?  The solution being tested goes by various terms — two-factor authentication or two-step authentication or multi-factor authentication.  In the security and privacy worlds these all constitute the same approach — and is an authentication approach that is stronger protection than just using only a password.

Here’s what a user will need under a two-factor authentication approach:

  1. Factor One: Something he or she knows (a password); and
  2. Factor Two: Plus something he or she has (a previously registered device).

As Mr. Honan wrote, Twitter users logging in from a new location will enter a password and a randomly generated code sent either to their device (either a text message or to a smartphone application).

When will Twitter roll out the new authentication?  It’s not certain but Mr. Honan aptly notes that Twitter will want to do this in the very near future.

There are no fool proof solutions against hacking.  However, a two-factor process is definitely better for protecting accounts than simply using a password.