Twitter announces text message based one-time password initiative

1 November 2014

I was eager to read more about Digits, Twitter’s text message based one-time passcode service, when the message popped up in my inbox. Because with one-time passwords identity theft or password phishing are things of the past. And with Twitter another global player besides Microsoft and Google jumps onboard the anti-password campaign.

Twitter provides the development platform and messaging infrastructure that allows app developers to waive passwords. Users could use their mobile number as the first authentication factor and the one-time passcode provided by an SMS as second authentication factor for login to a service.

The good news is: The service is free of charge and, since Twitter uses its own trusted infrastructure, the service will be available in 191 countries with support for 28 languages from the start.

Sound’s really good.

But not everything that glitters is gold. Man-in-the-middle attacks could become as serious issue as well as tampering of mobile phone numbers. Hopefully Twitter has developed a threat model for the new service and mitigated at least the known the vulnerabilities.

A new era of IT security is downing …

Advertisements

One thought on “Twitter announces text message based one-time password initiative

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s