Network World - Twitter, the increasingly popular micro-blogging service, has come under quite a bit of criticism in the past few weeks. Users of the platform, which describes itself as an "information-sharing network," are struggling with what to do about false information being spread around.
It may not sound like a big deal for individual users to let a white lie slip about some status update. But during the past few weeks there have been some more concerning examples of misinformation spreading across the social forum.
For example, Twitter users (as well as those on other popular sites such as Reddit.com) were quick to identify certain individuals as possible culprits of the Boston Marathon bombings days after the attacks, including a Brown University student who had been missing and was later found dead with no connection to the Boston incident. Rumors about whether suspects had been captured or arrested streamed through Twitter users’ timelines as breaking news unfolded after the attacks, some of it true and some not.
After the commotion of the marathon incident seemed to have settled down a week later, another black eye for Twitter popped up when the Associated Press’s Twitter account was hacked, and perpetrators sent out fabricated updates from the venerable news agency’s Twitter feed reporting that the White House had been attacked and President Obama injured.
With such misinformation spewing out from the firehose that is Twitter, it begs the question: Is Twitter broken?
Twitter may have answered that question somewhat. The company is reportedly looking into adding a two-factor authentication system to the free service, according to Wired Magazine. Security experts say such a system would make it harder for hackers to gain access to Twitter accounts, and could possibly have prevented the AP’s incident.
“It’s a great idea” to implement two-factor authentication, says Scott Behrens, an application security expert at security consultancy Neohapsis Labs. The administrative and technical challenges of rolling out a two-factor system will likely be hurdles, he says, because Twitter integrates with so many other services, apps and web sites.
Despite some developers of third-party Twitter apps being upset by recent changes to “clamp down” on Twitter APIs, Behrens says those changes could actually make it easier to ensure third-party apps are playing by Twitter’s rules, including the potential roll-out of a two-factor system.
Two-factor authentication seems like a natural fit for the company, though, especially in light of recent incidents in which high-profile accounts such as the AP’s were hacked. Others, like the Burger King and Major League Baseball accounts, have also been victims of hackings.
Two-factor systems, such as the ones sold by vendors like Symantec, RSA and others, usually require both a password that a user knows and some randomly generated code that is supplied to them, and are an industry-accepted best-practice security technique. Google already has an optional two-factor system, but Behrens says there’s a careful line. “Usability is the biggest question,” Behrens said; Twitter still wants to keep it easy for Tweeters to use, especially those who are not technically savvy, which is why he believes an opt-in approach would likely be best. Behrens wonders whether Facebook and LinkedIn will follow in Twitter and Google’s footsteps in exploring two-factor authentication.