The opt-in feature requires users to receive an access code on their smartphone via SMS text messaging.
Earlier in the month, it was announced that Twitter employees were currently testing the Twitter two-factor authentication setup. The tests began after several high profile accounts including Burger King and The Associated Press were hacked and disturbing messages were posted to their accounts.
There are some limitations to the type of two-factor authentication being used. Specifically, many high-profile account users have multiple workers who access their Twitter account. Because two-factor authentication relies on an SMS text message to a single smartphone, it won’t work for multiple users.
According to Sophos Security researcher Chester Wisniewski:
“To do this properly, Twitter needs to go in the direction of Google+ and Facebook. They allow for “company” accounts and then assign regular users to be administrators. No shared passwords, and everyone can use two-factor.”
Twitter is already working on other types of added authentication and writes:
“Much of the server-side engineering work required to ship this feature has cleared the way for us to deliver more account security enhancements in the future.”