Twitter introduces two-factor authentication, Kim Dotcom threatens to sue (video)

23 May 2013

Following a string of high-profile Twitter hacks, the microblogging network has introduced two-factor authentication for enhanced security. However, controversial entrepreneur Kim Dotcom has come out on Twitter to say he holds the patent for this technology and could sue the companies using it.

Twitter was reported to be testing a two-step security solution following a hack on Associated Press last month, which used the @AP Twitter account to falsely report attacks on the White House. The AP hack was just the most recent in a long string of similar attacks on media outlets like the BBC, Reuters, NPR and CBS.

Two-step verification is already employed by the likes of Google, Apple, Facebook, Yahoo! and Dropbox, and offers an added level of security as a username and password – which can be obtained through phishing attacks or other breaches – are not enough to gain access to accounts.

Twitter’s log-in verification requires users to register a phone number with their accounts for them to be enabled. Once this is done, users can opt to receive a six-digit code via SMS that will have to be entered when they want to log into Twitter.


If users need to sign into Twitter on other devices or apps, they will need to visit their applications page to generate a temporary password in order to authorise that application for log in.

In a post on the Twitter Blog explaining the new security options, product security team member Jim O’Leary says more security enhancements are in the pipeline.

Kim Dotcom claims copyright infringement

One user that’s not happy with this new development at Twitter is Kim Dotcom, founder of Megaupload (now Mega). Dotcom claims intellectual property rights for the two-factor security measure, and tweeted yesterday: “Google, Facebook, Twitter, Citibank, etc. offer Two-Step-Authentication. Massive IP infringement by US companies. My innovation. My patent”.

As proof of his claim, Dotcom then tweeted this US patent from 1997 (filed under his original name, Kim Schmitz) that describes a method and device for authorisation in data transmission systems employing a transaction authorisation number or comparable password.

Though he believes in sharing knowledge and ideas for the greater good, Dotcom says he is considering suing the companies that infringe his patent because of his legal problems with the US.

The German-Finnish entrepreneur is facing extradition from New Zealand on charges of online piracy and copyright infringement by the US Department of Justice. He was arrested in January of last year and an extradition hearing is scheduled for August.

Dotcom says Mega’s assets are currently frozen and defending his company will cost more than US$50m. In order to raise this money, he wants to bargain with companies he says are infringing on his IP rights. “Google, Facebook, Twitter, I ask you for help. We are all in the same DMCA boat. Use my patent for free. But please help fund my defence,” he tweeted.

As a fundraising alternative, Dotcom is also offering to sell the worldwide license for his two-factor authentication patent, apparently valid in 13 countries, including the US and China.

Elaine Burke is the host of For Tech’s Sake, a co-production from Silicon Republic and The HeadStuff Podcast Network. She was previously the editor of Silicon Republic.