In case you hadn’t seen the news, Twitter login verification was announced yesterday. While I certainly don’t want to praise Twitter for implementing second-factor authentication login long after they knew a problem existed, it does remain a solid step in the right direction. http://youtu.be/IsdvJI0AK5M This should help lower the instances of account high jacking; however, more advanced methods of phishing, possibly involving malware, can still thwart this simple SMS-based method. We have first-hand knowledge from the financial industry that the SMS channel is compromised. The hindrance to user adoption will be the average user desires the least amount of friction between themselves and the Twitter interface. And while not all accounts are created equal the SMS-based approach will suffice for a large portion of the user population. There are methods, available today, to enact a great level of identity assurance via mobile devices. Hopefully Twitter will continue investing in user authentication methods that provide greater levels of identity assurance for more prominent, higher-risk accounts. Even some simple, transparent methods may be enabled to help provide increasingly better security for users. These transparent methods are designed to limit user frustration and login friction. A potential negative side effect of this SMS-based approach? Mobile malware targeting the SMS channel will likely increase faster than at the current pace, further capitalizing on the casual nature of the social channel. This will only further the need to provide the Associated Press and the like with higher assurance options. Caveats aside, we strongly encourage everyone to enable Twitter’s login verification. Just because you don’t think you are a target doesn’t mean you shouldn’t take steps to properly secure your identities. Providing your username, password and an SMS-based verification code isn’t that hard or takes much time. If you prefer to stay here for instructions see below.