Twitter introduced two-factor authentication last week to make it harder for attackers to hijack users’ accounts. If enabled, the feature introduces a second authentication factor in the form of secret codes sent via SMS. An attacker who steals someone’s log-in credentials, via phishing or some other method, could associate a prepaid phone number with that person’s account and then turn on the feature. The real owner won’t be able to recover the account by simply performing a password reset. Twitter did not immediately respond to a request for comment.”]