Twitter: “We’re finally getting rid of the password”

Popular microblogging platform Twitter is taking bold steps to try and put an end to the password as we know it, according to Sky News.

Digits – part of a selection of developer tools called Fabric – allows users to sign into apps without having to remember passwords. The process is simple: the user enters their mobile number into a log-in page on the app, and then receives a text message with a one-time code. Once the code is entered, the user proceeds to the app as usual.

Although much of the thinking behind the option is aimed at developing countries where email accounts are less common, Michael Ducker, a senior product manager at Twitter, also claimed the move was motivated by the frustration of having to remember so many different passwords across the web in general.

“I go to dinner parties and people say ‘Oh, you work in tech? Can you get rid of the password?’ and we’re finally getting rid of the password, for the vast majority of use cases,” Ducker told The Verge.

The whole system is more secure than traditional passwords, due to the physical requirement of the phone and the temporary nature of one-time codes, though as The Verge notes, “Phone numbers aren’t perfectly secure; it is possible, though not easy, to clone a phone number.”

Digits isn’t actually based on Twitter, but is an entirely different piece of software that can be integrated with any app by any developer. Engadget reports that the Fabric developer tools also contain the company’s other apps, including Crashlytics, MoPub and TwitterKit.

Digits is now accessible in 28 languages, in 216 countries, across iOS, Android and the web.


Author , ESET

  • Bryan Kluth

    What if you lose your phone?

    • JD

      Better yet, what if you get a new number? Granted, that doesn't happen a lot for most, but changing jobs frequently results in a new number. And what if I am trying to log in without my phone? Say, for example (which is true for me), I am at my desk and don't have cell service?

      Aside from the step back as mentioned above, the implementation issues seem too much to overcome.

      • Bryan Kluth

        I don’t use Twitter anyway :)

        • JD

          Except that if this gains acceptance for Twitter, and being site agnostic, it could mean much more widespread acceptance. I certainly hope that, if it becomes widely deployed, it becomes an optional login method, as 2 factor currently is for most sites. And aside from the already mentioned issues, what is actually FAR more frightening is the monetization of our logins, and being able to sell yet more data about us, because once you go to single sign-on, you suddenly have all your online activities much easier linked together.

  • Ian Eiloart

    It’s two-factor auth without the first factor. So, it’s single factor authentication: a step back from two-factor.

    Benefits: prima facie, the phone is harder to steal than a simple password, because you have to be physically present. However, for those who are present, the phone is probably easier to steal.

    However, the SMS infrastructure isn’t designed for security, so it may be possible to hack the account without the phone. In fact, it may be easier to hack the SMS infrastructure than a good password.

    Will this be attractive to users? Probably not more attractive than just using a password that your browser/app has remembered. And probably not much more attractive than two-factor auth, when one of those factors is a password that your software has remembered.

  • Steve

    What if the device being used to access Twitter is your phone? Here is my username, can I come in please? Yes.


Copyright © 2017 ESET, All Rights Reserved.