Twitter Wants Users To Pay For 2FA

Uploaded on 2023-02-22 in TECHNOLOGY-Key Areas-Social Media, FREE TO VIEW

Elon Musk's takeover and management of Twitter has already provoked criticism and certainly ruffled feathers across the technology industry. Big Tech firms like Google, Microsoft and Meta are leading participants in the social media business and the shakeup at Twitter is certain to be followed closely by both executives and users of other platforms.

Not least among these is Facebook, who have attracted major regulatory penalties over their approach to user privacy and the widespread abuse of their platform for malicious purposes.

Now, the stakes have risen as Musk moves Twitter towards becoming a paid platform with the recent introduction of the Twitter Blue subscription service in some markets and the introduction of account verification using the Blue Tick in return for an annual fee.

The latest development is to charge Twitter users for security features that have previously been free, with the recent announcement by Twitter regarding its two-factor authentication method. This move means that non-Twitter Blue users will have to find an alternative way of securing their accounts within 30 days of receiving notice.

The decision to disable SMS-based two factor authentication for users who do not subscribe to the paid subscription service Twitter Blue gives users 30 days to disable the feature and switch to another factor of authentication. If users do not perform these actions before the 30-day cut off, the SMS-based authentication will be disabled without a substitute in place, and only have a password for authentication until another factor, such as using an authenticator app or security key, is set up.

That's a big enough short term change, but the larger issue is that the majority of Twitter users are not currently securing their accounts with any form of MFA.

According to a report released by Twitter in July 2022, only 2.6% of accounts had two factor authentication enabled as of December 2021, and 74.4% of those accounts are using SMS as an authentication factor. Ciarán Walsh, Associate Research Engineer at Tenable commented, "SMS-based two factor authentication is a weak authentication method as it can be easily exploited using techniques such as sim swapping. The use of an authenticator app or security key is considered stronger as they are not vulnerable to such attacks. Although SMS authentication is considered weak, it is still more secure than using just a password."

Whether introduction of this measure is a short-term fix, as Musk tries different things to see what works at improving the economic performance Twitter, remains to be seen. The progress in his efforts to transform social media into a paid-for service signals a substantial change for the entire social media industry. 

You Might Also Read: 

Algorithms, Lies & Social Media:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Universities Targeted With Ransomware
European & American Hackers Attack China »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Academic Centres of Excellence in Cyber Security Research

Academic Centres of Excellence in Cyber Security Research

The ACE-CSRs scheme is part of the UK Government’s National Cyber Security Strategy, working with academia and industry to make the UK more resilient to cyber attacks.

Australian Information Security Association (AISA)

Australian Information Security Association (AISA)

AISA champions the development of a robust information security sector by building professional capacity and advancing the cyber security of the public, business and governments in Australia.

Secure360

Secure360

Secure360 focuses on the following key areas: governance, risk and compliance, information security, physical security, business continuity management, and professional development.

Duo Security

Duo Security

Duo combines security expertise with a user-centered philosophy to provide two-factor authentication, endpoint remediation and secure single sign-on tools.

SteelCloud

SteelCloud

SteelCloud has spent the last decade inventing technology to automate policy compliance, configuration control, and Cloud security.

Plurilock Security Solutions

Plurilock Security Solutions

Plurilock is a real-time cybersecurity solution that uses artificial intelligence to identify, prevent, and eliminate insider threats.

Zerodium

Zerodium

Zerodium is the leading exploit acquisition platform for premium zero-days and advanced cybersecurity research.

ShorePoint

ShorePoint

ShorePoint is an elite cybersecurity firm dedicated to improving the cyber resilience of Federal agencies and their missions.

ISA Global Cybersecurity Alliance (ISAGCA)

ISA Global Cybersecurity Alliance (ISAGCA)

Objectives of the ISA Global Cybersecurity Alliance include the acceleration and expansion of standards, certification, education programs, advocacy efforts, and thought leadership.

Cloud4C

Cloud4C

Cloud4C is a leading automation-driven, application focused cloud Managed Services Provider.

LayerX Security

LayerX Security

LayerX's user-first browser security platform turns any browser into the most protected & manageable workspace, by providing real-time monitoring and governance over users’ activities on the web.

Limes Security

Limes Security

Limes Security GmbH is the leading OT Security expert in the German-speaking region of Europe.

inWebo

inWebo

inWebo is the specialist in multi-factor strong authentication (MFA). We guarantee the security of data and identities in a digital world with increasingly important economic and political stakes.

Davinsi Labs

Davinsi Labs

Davinsi Labs helps companies achieve Digital Service Excellence with specialized Security Intelligence and Service Intelligence solutions.

Veracity Trust Network

Veracity Trust Network

Veracity Trust Network safeguards organisations from the threat of bot attacks on their public facing platforms.

Black Cipher Security

Black Cipher Security

Black Cipher is a New Jersey-based cybersecurity and incident response consulting firm.