Twitter Rethinks Authentication and Access

Sue Marquette Poremba

The Buggles song “Video Killed the Radio Star” came to mind today as I read headline after headline about Twitter’s plan to kill the password. Though the prediction that MTV would end the love of radio music wasn’t entirely true, the music video did change the way we looked at music.

So it’s also difficult to be totally convinced that the use of the password will end now that the micro-blogging company has announced its new initiative this week, introducing Digits, a new authentication service. With Digits, instead of signing in with a password, users type in a phone number and then receive a code via text message, which they type in to authenticate.

If you think that sounds a lot like two-step authentication, you are not the only one. That’s not a bad thing; rather, it is taking a good idea and updating it for today’s technology, as TechCrunch pointed out:

This process makes more sense on mobile, not only because a username and password combination is something that’s a bit of holdover from the days where web was king, but also because in many parts of the world – and especially developing regions where smartphones are people’s only ‘computer’ – many users don’t have email addresses to use as their ‘username’ or logon ID. But they do have a phone number.

As Jason Hart, vice president of Cloud Solutions with SafeNet, told me in an email, Twitter shows that the time has come to bring security into the modern era and away from having to remember and reset dozens of passwords.


But at the same time, we’d be foolish to think that the password is going to be replaced any time soon. As Paul Rubens wrote in an eSecurity Planet article:

While passwords have got a lot of bad press recently thanks to some massive security breaches, the truth is that as an authentication system they can provide a very high level of security. Perhaps more important, a password is cheap to issue compared to two factor authentication systems that rely on hardware tokens or biometric systems that use fingerprint or voice recognition.

Like videos did for music, Digits and Twitter will create a buzz and, if it is successful, we will see more companies, particularly social media outlets and apps that depend on mobile access, turn to similar authentication methods. However, the password is going to stick around in one form or another. I would be surprised if the password ever truly disappears. To announce that Twitter has killed the password is premature, at best.

Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba

Oct 24, 2014 8:41 PM Hitoshi Anatomi says:
Many people shout that the password is dead or should be killed dead. The password could be killed only when there is an alternative to the password. Something belonging to the password (PIN, passphrase, etc) and something dependent on the password (ID federations, 2/multi-factor, etc) cannot be the alternative to the password. Neither can be something that has to be used together with the password (biometrics, auto-login, etc). At the root of the password headache is the cognitive phenomenon called “interference of memory”, by which we cannot firmly remember more than 5 text passwords on average. What worries us is not the password, but the textual password. The textual memory is only a small part of what we remember. We could think of making use of the larger part of our memory that is less subject to interference of memory. More attention could be paid to the efforts of expanding the password system to include images, particularly KNOWN images, as well as conventional texts.
