One year after Twitter introduced its two-step authentication process, the microblogging platform rolls out a couple of new security features to make logging in easier for Twitter users.
The updates include a password-reset process that can be implemented via text messaging and an enhanced method for identifying suspicious logins. While the old method of changing passwords via email will still be available, the new password reset system will be useful for users who forget their passwords and need to create a new one but do not have immediate access to their inbox, such as when a user has an old email address associated with his Twitter account.
"The new process lets you choose the email address or phone number associated with your account where you'd like us to send your reset information. That way, whether you've recently changed your phone number, or are travelling with limited access to your devices, or had an old email address connected to your Twitter account, you've got options," writes product manager Mollie Vandor on the Twitter blog.
A user has to link his mobile phone number to his Twitter account before he can reset his password via SMS. If he hasn't already done so, he can connect his device to his profile using the instructions posted on the Twitter website.
Once the number is linked to his account, he can then go on to click the "Forgot Password" link on the login page on the Twitter website, mobile site or iOS and Android apps. Twitter will then ask the user to type in his email address or his number, whichever he prefers, where the social network can send his reset information. If he chooses SMS, he will receive a six-digit code that can be entered on the Twitter login page, where he can then type a new password. The code expires 15 minutes after it is sent.
The second feature is a smarter login analysis algorithm that looks at things like the user's location, device and login history to identify suspicious logins. Google has been doing the same thing since 2009 and it is welcome news that Twitter has also upped its game in the security department.
"While we always encourage you to follow these best practices for password security, we're aware that many people reuse the same passwords across multiple sites. And when any of these sites are compromised, stolen passwords could be used to access your account on Twitter," says Vandor.
If Twitter identifies any suspicious logins, the website will prompt the user to answer a security question before granting access. It will also send the account's real owner an email notifying him of any "unusual activity."
