Twitter No More SMS 2FA for Free – Twitter Blue Only

Twitter is removing text-based two-factor authentication for all accounts that are not subscribed to the premium Twitter Blue subscription.

According to Elon Musk, Twitter loses roughly $60 million a year because bot accounts abuse SMS messaging. So, SMS is now locked behind an $8-per-month subscription plan. This does not mean two-factor authentication is removed altogether. Users are still able to enable app-based security, such as Google Authenticator or Authy, where your security codes are generated every minute in the app rather than sent to you via text.

Now, this is an interesting move for Twitter, because text-based two-factor authentication is one of the weakest types of multifactor authentication safeguards someone could enable, and forcing all users onto an app-based multifactor authentication method does greatly improve their overall security. On the other hand, SMS two-factor is better than not using two-factor at all. The only way to see whether this is a good idea is whether over 50% of Twitter’s two-factor authentication users switch to an app-based method or just disable it altogether.

The reason text-based two-factor authentication is not so great is simply that there is a middle person in charge of delivering your security code: your service provider. For many years now, targeted hackers and scammers have attempted to hijack someone’s account by simply calling up their phone carrier and either SIM swapping or forwarding messages to another number. We’ve talked for a long time here at The White Hatter about how phone carriers have weak security, and how relying on your phone number for security is not the best option. Thankfully, a lot more phone carriers are now enabling extra security methods to verify an account holder’s identity when you call in and ask for service. The downside is that some customers don’t like that, because it limits how much customer service representatives can assist customers. And if a hacker or scammer figures out your password to your phone carrier account, or tricks you into giving it up, they can then transfer and forward your text messages to another phone.

In our experience, we tend to find that, unless you are a business executive, most hackers and scammers are just trying to see who they can catch. When they are presented with a two-factor authentication hurdle, they’re more often just going to leave you alone, which is why this Twitter move is so troubling for me. Current reports have shown that not a lot of people on Twitter are using or have enabled two-factor authentication. The fear is that, because of this change, those people simply are not going to switch over to the newer, more secure method of safeguarding their account, which will result in fewer two-factor authentication users. Text-based SMS two-factor security is still better than nothing at all, and better than relying solely on a single password to keep you safe.

So if you have Twitter, now is a great time to set up your account with a two-factor authentication app like Authy, whether or not you have SMS 2FA enabled.

Sources

https://www.cnn.com/2023/02/18/business/twitter-blue-two-factor-authentication/index.html

https://transparency.twitter.com/en/reports/account-security.html#2021-jul-dec
