Welcome to the [Push] Club, Twitter
The team at Twitter has released details about a big improvement for their two-factor authentication functionality: push.
We're glad to see a company as prominent as Twitter implementing two-factor authentication in a manner similar to Duo Security's own platform. If you or your friends have used SMS-only two-factor services before, you already know how frustrating it can be only having one phone number to authenticate accounts that you (or your company) may rely on. When users get frustrated with security controls, they stop using them. That's a negative for all of us.
With Twitter's move to push, we can very confidently say that the past four years of development on the Duo Security platform is as cutting-edge as ever, leading big names first from hardware tokens, and now from SMS pass-codes, into the current generation of push. As many have found out, SMS is clunky, unreliable, and not great for teams or travel. Usability and reliability are key needs for broad adoption of two-factor and Twitter seems to agree.
For what it's worth, our very own Tom Haynes made a bit of a prognostication in February about Twitter doing exactly this following their release of SMS two-factor. Also, apparently we aren't the only ones to think this latest step by Twitter looks a little bit familiar...
Twitter’s new login verification system, on iPhone and Android, sounds very similar to some stuff @duosec is doing — Chris Dzombak (@cdzombak) August 6, 2013