Twitter: “We’re finally getting rid of the password”

Popular microblogging platform Twitter is taking bold steps to try and put an end to the password as we know it, according to Sky News.

Digits – part of a selection of developer tools called Fabric – allows users to sign into apps without having to remember passwords. The process is simple: the user enters their mobile number into a log-in page on the app, and then receives a text message with a one-time code. Once the code is entered, the user proceeds to the app as usual.

Although much of the thinking behind the option is aimed at developing countries where email accounts are less common, Michael Ducker, a senior product manager at Twitter, also claimed the move was driven by the frustration of having to remember so many different passwords across the web in general.

“I go to dinner parties and people say ‘Oh, you work in tech? Can you get rid of the password?’ and we’re finally getting rid of the password, for the vast majority of use cases,” Ducker told The Verge.

The whole system is more secure than traditional passwords, due to the physical requirement of the phone and the temporary nature of one-time codes, though as The Verge notes, “Phone numbers aren’t perfectly secure; it is possible, though not easy, to clone a phone number.”

Digits isn’t actually based on Twitter, but is an entirely different piece of software that can be integrated with any app by any developer. Engadget reports that the Fabric developer tools also contain the company’s other apps, including Crashlytics, MoPub and TwitterKit.

Digits is accessible now in 28 languages and 216 countries, across iOS, Android and the web.


Author , ESET

  • Ian Eiloart

    It’s two-factor auth without the first factor. So, it’s single factor authentication: a step back from two-factor.

    Benefits: prima facie, the phone is harder to steal than a simple password, because you have to be physically present. However, for those who are present, the phone is probably easier to steal.

    However, the SMS infrastructure isn’t designed for security, so it may be possible to hack the account without the phone. In fact, it may be easier to hack the SMS infrastructure than a good password.

    Will this be attractive to users? Probably not more attractive than just using a password that your browser/app has remembered. And probably not much more attractive than two-factor auth, when one of those factors is a password that your software has remembered.

  • Steve

    What if the device being used to access Twitter is your phone? Here is my username, can I come in please? Yes.


Copyright © 2017 ESET, All Rights Reserved.