Previously, the verification process was based on sending a code by SMS. Twitter has now made its strong authentication system more flexible by adding an alternative method based on an encrypted identification key stored in the mobile application.
The current method is based on entering a username and password, followed in a second step by a temporary PIN sent by SMS to the user's mobile phone. This additional layer of security blocks connections made from a new terminal, including those from a different geographical area or an unusual IP address. Although it is more restrictive, this technique has the advantage of involving a physical factor, namely a mobile phone, which is harder to hack than a software mechanism such as a virtual keyboard. There are some constraints, however, especially network availability and the pricing of communications abroad, which can interfere with the reception of an SMS.
Twitter bases its alternative system on an encrypted identification key stored in the same application. When the user connects from an unknown device, a notification prompt is sent so that the connection request can be approved or rejected. Unlike Google Authenticator, the tool depends on an Internet connection (there is no offline code generator), but it has the advantage of operating without any restrictions imposed by telecom operators. However, it is likely that the current two-factor authentication methods will eventually give way to an essentially physical approach to securing connections. To overcome the weaknesses observed in electronic certificates, we can think of RFID tags, smart cards and fingerprint readers.
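The approve-or-reject flow described above can be sketched as a challenge-response exchange. This is an added example, not Twitter's code or protocol: the `LoginVerifier` class, the `sign` helper, the 120-second lifetime and the use of a shared HMAC key as the key stored in the app are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CHALLENGE_TTL = 120  # seconds a login request stays approvable (assumed value)


def sign(key, cid, nonce, decision):
    """App side: bind the user's decision to this exact challenge."""
    msg = cid.encode() + b"|" + nonce + b"|" + decision.encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


class LoginVerifier:
    """Server side: issues one-time challenges and checks the app's answer."""

    def __init__(self):
        self.device_keys = {}  # user -> key enrolled by that user's app
        self.pending = {}      # challenge id -> (user, nonce, expiry)

    def enroll(self, user):
        key = secrets.token_bytes(32)
        self.device_keys[user] = key
        return key  # handed to the app once, at enrollment

    def start_login(self, user, now=None):
        now = time.time() if now is None else now
        cid, nonce = secrets.token_hex(8), secrets.token_bytes(16)
        self.pending[cid] = (user, nonce, now + CHALLENGE_TTL)
        return cid, nonce  # carried to the phone in the notification

    def finish_login(self, cid, decision, tag, now=None):
        now = time.time() if now is None else now
        entry = self.pending.pop(cid, None)  # pop: a challenge is single-use
        if entry is None:
            return False  # unknown or already answered (replay)
        user, nonce, expiry = entry
        if now > expiry:
            return False  # approval arrived too late
        expected = sign(self.device_keys[user], cid, nonce, decision)
        # Constant-time comparison; only a validly signed "approve" logs in.
        return hmac.compare_digest(expected, tag) and decision == "approve"
```

Because the decision is part of the signed message, a captured "reject" response cannot be turned into an approval, and removing the challenge on first use stops a captured approval from being replayed.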