Pretty impressive two-factor authentication in the @Twitter iPhone and Android apps

Twitter rolled out updates to its iOS and Android apps at the beginning of August which included a new two-factor authentication method for verifying logins (and possibly other stuff). It is worth reading the blog post describing the solution. It begins with this explanation why Twitter opted not to go with the more common two-factor authentication model:

Traditional two-factor authentication protocols require a shared secret between the user and the service. For instance, OTP protocols use a shared secret modulated by a counter (HOTP) or timer (TOTP). A weakness of these protocols is that the shared secret can be compromised if the server is compromised. We chose a design that is resilient to a compromise of the server-side data’s confidentiality: Twitter doesn’t persistently store secrets, and the private key material needed for approving login requests never leaves your phone.

Other previous attacks against two-factor authentication have taken advantage of compromised SMS delivery channels. This solution avoids that because the key necessary to approve requests never leaves your phone. Also, our updated login verification feature provides additional information about the request to help you determine if the login request you see is the one you’re making.

I noticed this and enabled it (who doesn’t want to secure his or her Twitter account, right?) although I only found out just how impressive the technology is in a recent episode of Security Now with Steve Gibson and Leo Laporte. The whole episode is worth watching (you can also listen to the audio version or read the terrific show transcription) but the discussion about the Twitter model starts at about 29 minutes in:

Bruce Schneier also seems to approve of the technique although he doesn’t go into much detail in his post I found on his site.

Twitter has been doing some pretty interesting stuff when it comes to user privacy and this security model sounds really carefully thought out and designed to protect users even more than the more common options. The explanation Steve Gibson gave about how Twitter leverages the idea that you can only hash passwords one way to make sure it can only authenticate and not impersonate users just points to that (at least, to me). I just had to share.