Twitter: second-factor authentication via SMS will now be paid

Twitter announced that it will start charging for the use of SMS as a second authentication factor at login. The option, until now available alongside others, will become part of the paid Twitter Blue package. Anyone using this method must change it by March 20th.

The second authentication factor (known as 2FA or MFA) is an additional security measure that can be activated in personal accounts to prevent third parties from logging in with our password. This is a security filter to protect accounts from unauthorized access.

The truth is that the second factor can continue to be used through applications such as Google Authenticator or, for more advanced users, through physical security keys (such as FIDO). But at present, SMS is the method most used by Twitter users.

What is striking is that Twitter has not released any official statement, not even from the company’s Help Center: the information came from a scoop by the journalist Zoe Schiffer on the platform.

Hours later, Twitter intervened, confirming the information. This all means that if you don’t pay, the sign-in experience will be a little more “laborious”, as you’ll need to install a third-party app, like Google Authenticator, to access the app.

The reasons have to do with the fact that “2FA based on phone number [SMS] is used – and abused – by hackers,” the company explains.

Indeed, even when paying for Blue they require using another method as a second factor, which is curious considering they charge for using the more insecure method (see below): “We encourage non-subscribers of Twitter Blue to consider using an authentication app or a security key method instead,” reads the warning that has reached several users.

“These methods require physical possession of the authentication method and are a great way to ensure your account is secure,” they add.

According to Twitter’s data transparency page, only 2.6% of users activated the second factor. But of that percentage, 74.4% use text messages to log in securely.

Why is the second factor crucial?

In forums where personal data is bought and sold, it is common for passwords obtained from data leaks at large corporations to be traded. This, added to the fact that most users repeat their passwords in all the services they use, makes the second factor a fundamental measure to prevent theft of a personal account.

In other words, after entering the usual password, the second factor asks for a code that will be received by SMS or via an app on the smartphone. This way, if an attacker gets the password, he won’t be able to complete authentication unless he has access to the phone where he can receive the temporary code.

Finally, in some cases an access code is not used; instead, the user receives a message on his phone with an authorization request, which he must accept by also adding his fingerprint. In this case, the fingerprint reader of current phones is used as well, giving three forms of authentication: in addition to the password and the phone, the user must verify his fingerprint.

Jack Dorsey himself, along with other tech celebrities, suffered unauthorized access to his account and a subsequent hack, due to failure to activate a second factor of authentication.

SMS, the most insecure second factor

After the password, the second factor appears - there are more options.  Photo: Shutterstock

“For the factor, not all variants offer the same level of security: physical keys, for example, are among the most secure, while an application on the mobile phone or, even worse, SMS are among the lowest,” Iván Barrera Oro, Hackan, had explained to Clarín in this article last year.

This is because “it is possible to induce the user to enter these second factors on malicious sites, or even intercept them in the case of SMS, which is not possible with physical keys. Anything more is still better than nothing,” argues the expert.

However, despite being the most insecure method of activating a second phase of authentication, it is still better than having nothing.

Elon Musk thus continues in his quest to generate measures that translate into higher revenues for a platform that, day after day, presents more and more problems.

Source: Clarin
