The popular social media site Twitter is rolling out a couple of new features to its login process to help users prevent their account in a more secure way and restore access to their account if they forget their accounts' password.
For tighten up the security measures Twitter is launching two factor authentication in its new password reset experience, making its users to reset their password in easier way and at the same time difficult for cybercriminals to log in to users' accounts.
"The new process lets you choose the email address or phone number associated with your account where you'd like us to send your reset information. That way, whether you've recently changed your phone number, or are traveling with limited access to your devices, or had an old email address connected to your Twitter account, you've got options," Twitter said in a blogpost on Thursday.
RESET TWITTER PASSWORD WITH SMS
This new experience will let Twitter users to enable password resets via phone SMS, only they will need to do is register their mobile number with their respective account. In case they've forgotten their password, they'll need to go to the standard 'Forgot password?' page and enter their mobile number or username.
Twitter will then text a six digit code that is valid only for 15 minutes, which the user has to enter on a web page before being prompted to choose a new password for their account. This SMS-based feature is the same that Google has enabled in its Gmail email service since 2009.
But, in case if users do not receive any code they are required to review SMS troubleshooting page or use the email password reset option.
SUSPICIOUS LOGIN NOTIFICATION
Along with the new password reset experience for its users, Twitter has also introduced enhanced user identification processes to identify the logins and blocking of suspicious logins in an effort to boost up account security.
Google also functions similar to identified suspicious login, for that it has a back-end behavioural analysis system for Gmail that identifies doubtful login attempts and also can flag account takeover attempts from state-sponsored attackers.
This new move is in the wake of users who reuse their same passwords for multiple sites, if one site is compromised by an attacker, the stolen passwords could be used to access users' multiple sites accounts including Twitter.
So, to protect users account in this scenario, Twitter built a new system that analyzes login attempts to accounts by looking at information such as location, device used and login history and identifies suspicious behaviour.
"If we identify a login attempt as suspicious, we'll ask you a simple question about your account – something that only you know – to verify that your account is secure before granting access," Mollie Vandor, a product manager at Twitter wrote in a blog post. "We'll also send you an email to let you know that we've detected unusual activity so you can update your password if need be."
Twitter said it has also made it easier to reset a lost password on your iOS and Android devices and that it has also added some customized tips to help users strengthen account security in the future.