A rash of high-profile hacker attacks on verified Twitter accounts has raised serious concerns about Twitter’s porous security measures. Twitter finally answered the call on Wednesday, introducing a form of two-step verification that many had been calling for.

Twitter's new two-step verification process means users will be asked asked to register a verified phone number and a confirmed email address, and use each of these at login to confirm their identity. Simply check the box for “require a verification code when I sign in,” click the link to add a phone number, and enter the six-digit verification code Twitter sends via SMS message upon login. This video explains how to set up the whole process in less than a minute.

Existing applications will continue to work without disruption, though if you need to sign into Twitter on another device or app, you will have to create a temporary password on the applications page to log in and authorize the app. According to a blog post by Jim O’Leary from the product security team at Twitter, this new feature will clear the way for Twitter to deliver more security measures in the future.


Just hours after the announcement, Kim Dotcom, the controversial founder of Megaupload, released a document that he claims proves that he invented the two-step verification used by Facebook, Google and now Twitter. While he said he does not wish to sue them or the thousands of others that use his invention, he did ask the companies to aid him in his ongoing legal battles with the U.S. government. 

Major brands like the BBC, Financial Times, Burger King and Donald Trump have experienced Twitter hacks. In April, an attack by the Syrian Electronic Army on the Associated Press’s Twitter account led to a false tweet about an explosion in the White House. The following panic even resulted in a brief collapse of the stock market.

Many of these attacks originate from a phishing scheme, which involves malware hidden in an email. The malware accesses the login information of a Twitter account and allows a hacker to access. Without access to the text message sent to the verified phone, hackers theoretically won’t be able to log in even if they get the Twitter account’s username and password.  

What do you think about Twitter’s new security feature? Is it worth getting a text message every time you log in, or will it be too annoying? What about having to create a temporary password when trying to log in through an app? Let us know in the comments section below. 

Follow Ryan W. Neal on Twitter