This came up as a dev asked on twitter why twitter doesn’t have a two-factor authentication. Since a Twitter account is used to login to quite a few apps it really should be more secure. ¨
The dev was not the only one curios about that, many joined the conversation, and I even found somebody who had asked this on Quora:
Twitter: Why doesn’t Twitter offer two-factor authentication?
But what is two-factor authentication anyway?
A two-factor authentication is a way to authenticate using two or more out of three authentication factors. The factors are considered to increase the likeliness that the user is indeed who he/she claims to be (proving identity). Using several versions of one factor is not considered true multifactor authentication (two-factor authentication). The three factors are:
A knowledge factor
– something the user knows
Examples: password, security questions, username/email address etc.
A possession factor
– something the user has
Examples: tokens (mini-device tokens), magnetic stripe cards, soft tokens (SSL certificate), mobile phone (sms, NFC, apps, signatures), smart cards
An inherence factor
– something the user is
Examples: iris scan, fingerprint, voiceprint