The Inquirer-Home

Twitter tackles suspicious logins and password heists

Works on password best practice
Fri May 09 2014, 09:16

TWITTER HAS CHANGED the way it handles passwords and has made it harder for attackers to take over users' accounts.

Post Heartbleed and a number of assaults on personal accounts, security is high on the agenda. Twitter said in a blog post that its changes are designed to preserve individual account integrity and clean up its authentication and password reset processes.

"We know some of you occasionally have difficulty accessing your Twitter account, and whatever the circumstances may be, we want you to be able to get back into it quickly and securely," it said.

"So today we're starting to roll out two improvements that will help protect your account and restore access: one, a streamlined password reset experience; and two, better identification and blocking of suspicious logins."

Twitter has changed its process for requesting a new password and, like others, is giving users more options around passwords. The firm will now offer more options for a password reminder, including text and email notifications.

"Whether you've recently changed your phone number, or are traveling with limited access to your devices, or had an old email address connected to your Twitter account, you've got options," it added.

While forgetfulness is common, so too are assaults on passwords and user accounts. Twitter also has an eye on 'suspicious activity' and will respond to untrusted access attempts with a question that the owner should know.

The system will monitor the security landscape, it added, and will react when password attacks are successful on other properties.

"We're aware that many people reuse the same passwords across multiple sites. And when any of these sites are compromised, stolen passwords could be used to access your account on Twitter. To protect your account in this scenario we built a system that analyses login attempts on your account - by looking at things like location, device being used and login history - and identifies suspicious [behaviour]," it added.

"If we identify a login attempt as suspicious, we'll ask you a simple question about your account - something that only you know."

Twitter said that it will send users an email should it discover suspicious activity on their accounts, adding that this would give them the opportunity to change their passwords. µ

 
