It can be difficult to keep up with security changes made by services and websites that you are a member of. If a company adds a new security related feature, it is often a good idea to implement it as soon as possible to improve your account's overall security.
Many companies have started to implement two-factor authentication schemes for instance to improve the login process itself.
But there are other security improvements that can be made, and while that is great, a lack of a standard in this regard adds a little bit of chaos as well.
Twitter announced today that it has implemented a new security feature that improves the security of the password reset dialog. Besides that, the company added a login history feature to each account that is being used to analyze all log ins.
If you want to reset your account password on the site, all you have to do is to provide your username, email or phone number to do so, provided that the latter has been added to the account
The password reset option is sent to the associated email account. Sometimes, that may not be convenient or an option anymore. If you do not have access to that email account, for instance while you are on the road, then you cannot reset the password.
The new password reset functionality gives you options, but requires you to enter the associated email address or phone number to do so. Once you have done so, you will receive options to sent out an email with the instructions to reset the password, or a phone number if one is associated with the account.
The new account login history resembles that of companies like Google or Facebook. It takes into account IP addresses, locations, or the device being used, and if a login appears to be suspicious, will display basic account related questions that need to be answered before access is granted.
If you sign in from New York all the time, and suddenly a login is noticed from the opposite side of the world, something may not be right.
I do think that setting up two-factor authentication makes more sense than this though, but if you can have both options, why not. Just make sure that the information that you enter on your profile page are accurate, as you don't want to lock yourself out if they are not and you cannot remember them.
Both features work right out of the box, and do not require any configuration whatsoever.