Besides cybercriminals, Twitter users also have to worry about keeping backups of their phones' data secure in order to protect the key. Twitter recommends encrypting all data.
While experts agree that multi-factor authentication is much better than using only passwords, the former is confusing to most people. That's because websites each have their own unique implementations, making them difficult for users to remember. As a result, most are unlikely to opt in and will continue using only their user name and password, experts say.
"To catch on, (multi-factor authentication) has to be easier than a password," Bradley said. "To get broad adoption, it has to be faster, more fun and better in some way than what people are used to with passwords."
The security industry is taking steps to develop an open authentication system that all sites could use to replace the current fragmentation. One organization gaining traction is the Fast Identity Online (FIDO) Alliance.
The nonprofit organization is working on standards-based technology that would enable a website to authenticate a visitor through the connecting device. FIDO, which Google joined in April, expects to have production-ready specifications available by early next year.