On Twitter account security
In the wake of the AP Twitter account compromise today, a number of people have called for Twitter to add two-factor authentication for logins. This would be a good step, but something else struck me as a fundamental flaw with organizational Twitter accounts right now: all of the users share a single logon and password.
"The challenge (with corporate-owned Twitter accounts) is, we share the password," Chester Wisniewski, senior security advisor at Sophos, told NBC News.
What a mess.
Two-factor authentication would be helpful and should definitely be considered, but what Twitter also really needs is a way to delegate organizational posting authority to individual users, allowing the organization to use a secure, master password for the master account, and specifically granting access to individual users by their personal logins. This would allow an administrator to control user access at a granular level, and would prevent a compromised user password from hijacking the entire account.
With Twitter’s expanding role in the dissemination of news and public safety information (see: Boston Marathon bombings and the ensuing manhunt), the integrity of these organizations’ Twitter accounts is becoming a national and economic security issue. Delegation and two-factor authentication combined would be a strong defense against these types of password compromise.
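A minimal model of the delegation scheme proposed above, added here as an illustration (it is not code from Twitter or from the original post). The `OrgAccount` class, its methods and the logins `owner`, `alice` and `bob` are hypothetical; the scenario in `demo()` is constructed.

```python
from dataclasses import dataclass, field


@dataclass
class OrgAccount:
    """Hypothetical organizational account with delegated posting."""
    owner: str                                      # holds the master credential
    delegates: dict = field(default_factory=dict)   # personal login -> is_admin
    audit: list = field(default_factory=list)       # (actor, action, detail)

    def _require_admin(self, actor):
        if actor != self.owner and not self.delegates.get(actor, False):
            raise PermissionError(f"{actor} may not manage delegates")

    def grant(self, actor, user, is_admin=False):
        self._require_admin(actor)
        self.delegates[user] = is_admin
        self.audit.append((actor, "grant", user))

    def revoke(self, actor, user):
        self._require_admin(actor)
        self.delegates.pop(user, None)
        self.audit.append((actor, "revoke", user))

    def post(self, actor, text):
        # Checked per personal login; the master credential is never shared.
        allowed = actor == self.owner or actor in self.delegates
        self.audit.append((actor, "post" if allowed else "post-denied", text))
        return allowed


def demo():
    """Constructed scenario: delegate bob's personal password is compromised."""
    org = OrgAccount(owner="owner")
    org.grant("owner", "alice")
    org.grant("owner", "bob")
    posted = org.post("bob", "Scheduled headline")
    try:                                  # a plain poster cannot lock others out
        org.revoke("bob", "alice")
        escalated = True
    except PermissionError:
        escalated = False
    org.revoke("owner", "bob")            # containment: cut off one login only
    return posted, escalated, org.post("bob", "forged"), org.post("alice", "Correction")
```

Revoking one delegate leaves every other login working, and the audit trail attributes each post to a personal login, which a shared password cannot do.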