Two-factor authentication is good, but social media services can’t stop there

So you’ve added two-factor authentication to your web service? That’s a good start. But at this point, two-factor authentication should be just a baseline standard for basic security practices. How much further will you go to protect your users from hacks?

LinkedIn is the latest company to announce that it’s added two-factor authentication to protect user accounts, and it’s a welcome addition from the company that’s experienced significant security breaches in the past. Twitter finally added it last month (after going far too long without it) and Apple and Microsoft have added it in recent months as well. Facebook added its own version of two-factor authentication in 2011, and Google has had it for much longer.

But two-factor authentication, which essentially asks you to confirm your identity with a second code from a device like a smartphone when you go to enter your password, is just a start. Many people have written why two-factor authentication won’t solve all your security needs — it’s certainly not a foolproof way to prevent attacks as the sophistication of hackers evolves to target specific individuals in an organization.

From the Onion to the AP, the companies finding themselves the target of social media hacks is constantly increasing. And as the reaction to the AP hack that affected the stock market showed, the consequences are more than just some Twitter embarassment.

This week, HootSuite announced that it was adding additional security features for its enterprise users, teaching them what to do in case of a hack, assessing their social media accounts for risk, and sending notifications in the case of suspicious activity. These types of measures from companies like HootSuite should serve as motivation for Twitter itself to do more, which Twitter’s CEO Dick Costolo said the company is focusing on.

Greg Gunn, HootSuite’s VP of business development, told me that for a company like Twitter, it’s always a balance of figuring out what security tools it should provide to large enterprise clients itself, and which can be served by third-party certified partners like HootSuite which are more geared toward these customers. But he said he imagines Twitter’s security standards will continue to evolve as users themselves demand it.

“The market will dictate what Twitter should prioritize as native,” he said. “And I’m sure they’ll continue to make native strides to add security measures on their platform.”

So by all means, add two-factor authentication as a solid step toward protecting your users. But as startups like HootSuite have shown, that’s just a start.

Related research and analysis from GigaOM Pro:
Subscriber content. Sign up for a free trial.

  • Facebook’s IPO filing: ideas and implications
  • Survey: How apps can solve photo management
  • Sector RoadMap: Social customer service in 2013


GigaOM