What might Twitter’s new “Digits” login system mean for security, hackers, operators, and all of US?!
Twitter’s “Digits” mobile phone login system was announced to the world yesterday. It aims to capture the interest of app developers and to cater for people the world over, including those in developing countries who have phones but not necessarily email addresses, which is an interesting proposition. Is it a good idea?
My initial reaction was “well, hold on, my phone is now the key to all my online stuff”. And, truth is, with two-factor authentication (ask me in the comments if you don’t know what that is) our phones, and our phone numbers, are increasingly becoming the key to important systems that we use.
I was pondering the implications of this. I’m sure it’s way more complicated than I’ll make out here, but a few things seem obvious to me:
- Mobile phones will increasingly become targets for theft as they come to hold increasingly valuable data on top of their physical value.
- Mobile phone numbers and operator accounts will increasingly become targets for theft, social engineering, spoofing, etc. How secure is the PAC code process for transferring numbers between operators? How secure are mobile operators’ online portals? Will operators need to tighten up security on number ownership somehow?
- Hackers (and hacks!) will increasingly need to get hold of phones and phone numbers before they can initiate attacks.
Overall, a simple, one-time, phone-locked login system seems like a good idea and, as I’ve read in several places, a huge improvement over the existing username-and-password systems that so many sites use and which are so easy to exploit.
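To make concrete what “one-time, phone-locked” means in practice, here is an added example of the server side of a phone-number login flow. It is illustrative code written for this post, not Twitter’s or Digits’ code, and the `OtpStore` class, its constants and the phone number are all constructed for the example. It shows the three properties a defender wants from such a flow: the code is random, it expires, and it is consumed on first successful use and locked after a few wrong guesses. It also makes the post’s worry explicit in a comment: the whole scheme trusts whoever can receive messages at the number, so the security of number ownership at the operator is the real foundation.

```python
import hmac
import secrets
import time

OTP_DIGITS = 6           # length of the one-time code sent to the phone
OTP_TTL_SECONDS = 300    # code is only valid for five minutes
MAX_ATTEMPTS = 3         # wrong guesses allowed before the code is discarded


class OtpStore:
    """In-memory store of pending one-time codes, keyed by phone number.

    The injectable clock (`now`) exists so expiry can be exercised in tests;
    a real deployment would use a shared store (e.g. a database) instead of a dict.
    """

    def __init__(self, now=time.time):
        self._now = now
        # phone -> [code, expires_at, attempts_left]
        self._pending = {}

    def issue(self, phone):
        """Generate a fresh code for `phone` and remember it.

        The code is returned here only so the example is self-contained; a
        real system would hand it to an SMS gateway and never return it to
        the caller. Note the trust model: anyone who can receive SMS at this
        number (including after a fraudulent number transfer) passes this
        check, because the number itself is the only thing being verified.
        """
        code = "".join(secrets.choice("0123456789") for _ in range(OTP_DIGITS))
        self._pending[phone] = [code, self._now() + OTP_TTL_SECONDS, MAX_ATTEMPTS]
        return code

    def verify(self, phone, candidate):
        """Return True exactly once per issued code, and only before expiry."""
        entry = self._pending.get(phone)
        if entry is None:
            return False  # nothing pending: never issued, already used, or locked out
        code, expires_at, _ = entry
        if self._now() > expires_at:
            del self._pending[phone]  # expired codes are dropped, not retried
            return False
        # Constant-time comparison so a wrong guess leaks no timing information.
        if not hmac.compare_digest(code, candidate):
            entry[2] -= 1
            if entry[2] <= 0:
                del self._pending[phone]  # too many guesses: force a new code
            return False
        del self._pending[phone]  # one-time: a correct code is consumed on use
        return True

    def pending_attempts(self, phone):
        """Remaining wrong guesses for `phone`, or 0 if nothing is pending."""
        entry = self._pending.get(phone)
        return entry[2] if entry else 0


def wrong_guess_for(code):
    """Construct a candidate that is guaranteed to differ from `code` (test helper)."""
    first = "1" if code[0] != "1" else "2"
    return first + code[1:]


if __name__ == "__main__":
    store = OtpStore()
    phone = "+15555550100"  # constructed, non-routable example number
    code = store.issue(phone)
    print("wrong guess accepted?", store.verify(phone, wrong_guess_for(code)))
    print("correct code accepted?", store.verify(phone, code))
    print("replay of same code accepted?", store.verify(phone, code))
```

The `verify` method deliberately returns the same `False` for “no code pending”, “expired” and “wrong guess”, so a caller cannot use the response to learn which state a number is in; the lockout after `MAX_ATTEMPTS` is what keeps a six-digit code from being guessable by brute force within its five-minute window.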
But I do wonder what the future holds if Digits takes off.