The security feature is easily turned on from the Account Settings page, and requires users to associate a mobile phone number with the account so that they can receive the verification code.
"With login verification enabled, your existing applications will continue to work without disruption. If you need to sign in to your Twitter account on other devices or apps, visit your applications page to generate a temporary password to log in and authorize that application," says Jim O'Leary of Twitter's product security team, and points out that the feature is "built on top of Twitter via SMS, so we need to be able to send a text to your phone before you can enroll in login verification (which may not work with some cell phone providers)."
Once the two-factor authentication feature has been enabled, the verification code is sent each and every time the user signs into Twitter via its website.
This first iteration of the feature does not offer persistent application passwords, and it also can't currently be used to secure more than one account.
Unfortunately for me, the feature doesn't work with my mobile operator, and I'm definitely not the only one, but let's hope that all these things will be fixed in the future.
As a side note: Kim Dotcom has chosen this moment to announce that Twitter, Google, Facebook and all other companies that have implemented two-step authentication are infringing his IP rights because of a patent he filed in 1997.