After Twitter was hacked in February, it asked a quarter-million of its customers to reset passwords. Calls for Twitter to implement two-factor authentication got louder after that.
Future breaches won't give hackers anything to work with, at least for those who have opted to switch on two-step authentication, Twitter said today. "We chose a design that is resilient to a compromise of the server-side data's confidentiality: Twitter doesn't persistently store secrets, and the private key material needed for approving login requests never leaves your phone," said Alex Smolen, a Twitter security engineer, in a post to the company's blog.
Twitter has posted more information about the new in-app authentication that includes instructions on how to set up the feature.