Twitter’s Two-Step Authentication Raises Governance Issues for Agencies
In the light of several recent high-profile twitter account hacks such as The Associated Press, The Guardian and NPR, the news that twitter is trialing two-step authentication is welcome.
However this change, when implemented, may catch unprepared agency and corporate tweeters on the back foot and unable to post from accounts.
The issue stems from Twitter’s choice of security solution – mobile confirmation. When the new system is in place, logging in from a new location will require users to enter a password and a randomly generated code sent to their mobile device.
If this device is owned and registered by any one individual it will mean that this single person will have responsibility for authenticating access for all agency, internal or customer service account users that want to log on.
Inevitably it raises issue for corporate governance and will create confusion as there’s almost no way this person will know which user requested authentication.
Two possible solutions exist for this dilemma. If you can think of any more we’d love to hear them in the comments.
The first, register your Twitter account to a web accessible phone number such as Google Voice or Skype. This will allow multiple people to access the much needed verification messages as and when required.
The second, get yourself a content management system (CMS) such as Hootsuite or CoTweet so that you avoid logging into Twitter in the first place. Unless these services also introduce two-step authentication you should have no problem logging in as usual from any device.
Whether or not the above solutions are viable for your organization people need to start having these conversations now, while there’s still time to establish responsibilities and an authentication process.
Those that don’t… well, you won’t hear from them. Not on Twitter at least.
This post first appeared on the Ketchum Blog