(By Apurva Chaudhary & Vikas SN)
Earlier this week, Twitter introduced a two-factor authentication process through SMS, in a bid to strengthen the security of Twitter users after it faced high-profile account hijacking last month.
This process allows Twitter users to add a verified mobile number and a confirmed e-mail address and then enable the feature, all from their account settings. Following this, whenever the user enters their name and password to log in to Twitter.com, it asks them to enter a six-digit security code, which is sent via SMS to the verified mobile number, in order to confirm that the user is actually the account owner.
However, since Twitter depends on SMS for verification, the two-step authentication is currently not available to several Twitter users in India, because it currently supports only three carriers: Airtel, Tata Docomo and Reliance. This leaves out a lot of Twitter users on other carriers like Vodafone, Idea and Aircel, among others. We tried it on a Loop Mobile, Vodafone, and Idea Cellular connection, and when we tried to set up our number, it gave us a message saying “Sorry, we don’t have a connection to your carrier yet.”
The company notes that it plans to add other carriers in the future. However, in the past seven years, Twitter has extended SMS service to only three operators. Twitter had inked an exclusive deal with Airtel in 2009 to offer Twitter on SMS service to Airtel subscribers in India, which seems to have been extended to Tata Docomo and Reliance Communications now.
We are a little surprised that Twitter hasn’t inked deals with other Indian telcos to extend the SMS support to their respective subscribers, or else provided an alternative method for Twitter users in India (or elsewhere) to use this service. For instance, Google’s 2-step authentication process is also dependent on SMS, but it also offers various other backup options, like the Google Authenticator mobile app, sending the code through a voice call, allowing users to sign in through a backup phone, and printable backup codes, among others. More backup options will provide a sense of security for users to enable the service, in spite of it making the login process more cumbersome for them. We hope that Twitter rolls out more options for users to receive the access code in the future.
Problems With Shared Accounts
Another problem with Twitter’s 2-step authentication process will be the lack of support for shared accounts. While this will not affect regular Twitter users, it will pose a significant problem to brand accounts and high-profile Twitter accounts, which are usually managed by several people, each of whom would need access to the codes to log in to the account.
The current SMS verification process supports only a single phone number to send access codes. So, whoever sets up the 2-factor authentication for a brand account with their phone number will have to keep relaying the access codes to their team members whenever they need to log in to the account. This will probably lead to brands shying away from enabling this feature on their accounts, thereby not solving the hacking problem which Twitter is trying to address.