Twitter Digit service shows no change in security

Kaspersky Lab UK : 28 October, 2014  (Technical Article)
Single device control with OTP and number verification adds no significant security advantage, according to Kaspersky Lab

Following the recent news of Twitter’s new service called Digits, David Emm, principal security researcher at Kaspersky Lab, has commented on how this service impacts consumers and security.

According to David, "Twitter’s new Digits login service certainly offers a benefit to everyone concerned. Consumers no longer have to worry about creating a login and password combination to set up an account with an app provider; and they don’t need to have an e-mail address. App developers don’t need to develop their own framework for verifying logins; and they won’t lose potential customers that are put off because they don’t have an e-mail address. And Twitter gets more visibility into what its customers are interested in.

"However, in my opinion, the new service doesn’t impact security one way or the other. If someone were to lose their device, or have it stolen, then the number verification would still work – and anyone with access to the device would be able to access an app in the same way as the legitimate owner.

"I don’t think the new service can be hailed as a significant step change in security. Given that the app, phone number and one-time passcode will all be on the same device, there’s no improvement in security. This would only be a step forward if the code was sent to a different device, but of course most people would find this inconvenient - and most people don’t have a second mobile phone. On the other hand, it doesn’t represent a step backwards either. Currently, mobile apps don’t force a login each time the app is run anyway, so if someone steals a phone, and the owner isn’t using a PIN, passcode or fingerprint, the thief has access to everything – e-mail, social networks and apps. In other words, security is dependent on a single-point-of-failure – the PIN, passcode or fingerprint used to access the device itself. Digits doesn’t change that."
