Finally, Twitter has implemented 2-factor authentication of their accounts. It is made possible with SMS messages. When you log in to your twitter account, in addition to username and password, you will be prompted for 6-digit code which is sent to your mobile phone. Similar technology is used by some other companies (for example, Facebook and Bank of America). This is not the best solution (what if you are located in out of service zone?) but it is better than nothing. There are more robust solutions, which also use mobile phone, implemented, for example, by Google or PayPal. They utilize software tokens: different smartphone apps (Google Authenticator and VeriSign VIP accordingly) that, however, do the same: display new temporary code every minute. Such app generates the numbers based on preset initialization vector and mathematical formula, which does not require any server connection. Therefore, the phone device with such app can be used offline, the same way as classic hardware token like RSA SecurID.