Twitter has made a couple of changes to the service’s login process to help prevent account takeovers and enable users to reset their passwords in a simpler way. A Twitter account is among the more valuable assets for an attacker who is targeting a specific person. Accounts typically are tied to a user’s main email address and give an attacker access to the victim’s social sphere, and perhaps, other accounts. People are bad at remembering passwords, so they tend to reuse them across a number of different sites and services.
Twitter has changed the way users regain access to its service if they’ve lost or forgotten passwords, as well as introduced a new system that will keep an eye out for suspicious login behaviors. Today, the company said users can add both a phone number and email address that will be alerted when password reset requests are made. If you’ve misplaced your password, or just need a new one, you can start the process off from either of those options both through Twitter.com and its Android and iOS apps. The second new security effort tracks location, login history, and what device you’re using to weed out potentially suspicious login activity. If it finds something fishy, the company says it will alert users through their registered email address.
