Summary:

LinkedIn is the latest web company to add two-factor authentication to protect a user’s password and account. But is that really the best companies can do?

So you’ve added two-factor authentication to your web service? That’s a good start. But at this point, two-factor authentication should be just a baseline standard for basic security practices. How much further will you go to protect your users from hacks?

LinkedIn is the latest company to announce that it’s added two-factor authentication to protect user accounts, and it’s a welcome addition from the company that’s experienced significant security breaches in the past. Twitter finally added it last month (after going far too long without it) and Apple and Microsoft have added it in recent months as well. Facebook added its own version of two-factor authentication in 2011, and Google has had it for much longer.

But two-factor authentication, which essentially asks you to confirm your identity with a second code from a device like a smartphone when you go to enter your password, is just a start. Many people have written about why two-factor authentication won’t solve all your security needs — it’s certainly not a foolproof way to prevent attacks as the sophistication of hackers evolves to target specific individuals in an organization.

From the Onion to the AP, the number of companies finding themselves the target of social media hacks is constantly increasing. And as the reaction to the AP hack that affected the stock market showed, the consequences are more than just some Twitter embarrassment.

This week, HootSuite announced that it was adding additional security features for its enterprise users, teaching them what to do in case of a hack, assessing their social media accounts for risk, and sending notifications in the case of suspicious activity. These types of measures from companies like HootSuite should serve as motivation for Twitter itself to do more, which Twitter’s CEO Dick Costolo said the company is focusing on.

Greg Gunn, HootSuite’s VP of business development, told me that for a company like Twitter, it’s always a balance of figuring out what security tools it should provide to large enterprise clients itself, and which can be served by third-party certified partners like HootSuite which are more geared toward these customers. But he said he imagines Twitter’s security standards will continue to evolve as users themselves demand it.

“The market will dictate what Twitter should prioritize as native,” he said. “And I’m sure they’ll continue to make native strides to add security measures on their platform.”

So by all means, add two-factor authentication as a solid step toward protecting your users. But as startups like HootSuite have shown, that’s just a start.

  1. I agree with the article. I also think two-factor authentication is also important for smaller companies/websites, because most people use the same passwords for every site, so if a smaller site is hacked, there is an issue.

    The problem is that for most smaller sites it’s hard to invest in the implementation of second-factor authentication, but they can still use online services that provide it, such as http://www.whitefactor.com
