In what was a mind-boggling series of events in real time, one Associated Press hack and a false tweet about the White House sent the stock market into a momentary free fall. Twitter hopes to stop intrusions like that in the future by introducing a two-factor authentication process, Wired has learned. When this offering will be available to users is unknown.
The company has been working on this at least since we talked to them in November, and became more apparent when it was seeking to hire engineers with specific experience with login security. Why has it taken so long? That’s a question that only Twitter can answer.
Google rolled out its two-factor authentication offering in 2011, but Microsoft only just introduced their own last week. Making additional authentication steps mandatory for all users is a non-starter, since any friction standing between a social service and engagement would be a nightmare.
Having said that, this type of authentication is something that every verified account on Twitter should have had long ago. When Twitter verifies an account, it’s saying that it’s gone through some type of procedure to approve that the person or entity is who they say they are. Keeping that integrity safe is essential to the entire concept.
In Twitter’s defense, a two-factor authentication for accounts that might be used by multiple parties in multiple locations, such as in the AP’s case, could be a hard problem to solve. In Google’s two-step process, as well as Facebook’s, you’re sent a text message with a code to enter when logging into your account from an un-authenticated device:
How something like that will work for an account managed by multiple people is a head-scratcher.
Disrupt 2026: The tech ecosystem, all in one room
Your next round. Your next hire. Your next breakout opportunity. Find it at TechCrunch Disrupt 2026, where 10,000+ founders, investors, and tech leaders gather for three days of 250+ tactical sessions, powerful introductions, and market-defining innovation. Register now to save up to $400.
Save up to $300 or 30% to TechCrunch Founder Summit
1,000+ founders and investors come together at TechCrunch Founder Summit 2026 for a full day focused on growth, execution, and real-world scaling. Learn from founders and investors who have shaped the industry. Connect with peers navigating similar growth stages. Walk away with tactics you can apply immediately
Offer ends March 13.
Until two-factor authentication rolls out, it’s smart to be vigilant when it comes to clicking on unknown links, and it’s always a good idea to change your password from time to time. Word of advice, though: Don’t make your password something like “APm@rketing.” That could get hacked at any time, no matter who you are, but especially if you’re the Associated Press.
[Photo credit: Flickr]
