Twitter have announced the launch of a two-factor authentication service to try to reduce down the numbers of incidents of accounts being hacked. It’s a good step for consumers, but in my view fails to address the fundamental issue that companies who use Twitter for corporate accounts face: if there is only one account, there’s only one password, and that gets shared across multiple users.
Actually, adding in two-factor adds more challenge. The way it will work is that you will need to enter a PIN that is sent to your mobile via SMS before logging in at a new machine can be verified. So, for a team using the same Twitter account, they’ll also now need to share a mobile phone as well as a password.
Multiple-user Twitter accounts need to be able to be accessed by different people authenticated by themselves, not on a shared identity. It’s only at that point that organisational Twitter accounts will become properly secure.