In the wake of a long list of account hackings, it's long overdue

Apr 24, 2013 06:40 GMT  ·  By

Twitter is working on a two-factor authentication system. That isn't much of a secret, "everyone" knows about it ever since Twitter published a job post looking for people with experience building a system like this.

But Wired has now learned that Twitter's two-step verification system is up and running, in testing internally.

It seems that some users will be getting the feature soon enough, though the roll out will be gradual, as with most other new features Twitter and other big sites implement.

But Twitter desperately needs a system like this, perhaps more than any other site. Hackers target popular accounts where they can get instant exposure.

This week alone, the accounts of CBS, FIFA, AP and others have been breached. It's a growing problem for Twitter and a two-factor authentication system would be quite useful.

That said, Twitter has a harder job than most in this case. Many of the popular accounts targeted by hackers belong to organizations and companies and aren't generally managed by one person.

Two-factor authentication systems rely on a second code, besides the password, to allow access. This code is sent by SMS or is generated by an app and is accessible to only one person, or at least at only one location.

Having a two-factor authentication system that works for multiple people at multiple locations is harder and in a way defeats the purpose of such a system.

Twitter is definitely working on it, but it may be a while before it has anything to show for it. Still, it could begin testing the system, at least with some high-profile accounts, soon enough, maybe even in the next few weeks.

But the company isn't saying anything, Twitter's security chief Bob Lord certainly wasn't surprised when we asked him about two-factor authentication, less than a couple of weeks ago, but he didn't have anything to say about it.