

Internal Twitter Credentials Used in DNS Hack, Redirect - steve___
http://www.wired.com/threatlevel/2009/12/twitter-hacked-redirected/

======
jbyers
Three little words I want to hear from every one of our service providers in
2010:

Multi-Factor Authentication

(We're a Dynect customer too.)

~~~
thaumaturgy
I'm not a tremendous fan of multi-factor authentication yet. The _idea_ is
nice, but really it just adds a second password to the mix, and if the person
can't get one password right...

My bank, for example, uses multi-factor authentication. Two of the three
possible initial questions ask for a _color_. Let's see ... black, blue,
yellow, green, red...

~~~
mtrichardson
That's not multi-factor authentication.

True multi-factor authentication involves a combination of something you know
(e.g., your password), something you have (your phone, a fob, etc.) and
something you are (generally biometric things, which for obvious reasons
haven't picked up too much).

Multiple security questions are just additional things-you-know, and as such,
aren't multifactor.

~~~
thaumaturgy
Ah, thanks, you're right.

My bank's website specifically calls it "multi-factor authentication", and I
never bothered to double-check the term.

------
wendroid
Perhaps the Twitter employee that used "password" as his admin password forgot
to change it on all his websites.

