Twitter Wants Users To Pay For 2FA

Uploaded on 2023-02-22 in TECHNOLOGY-Key Areas-Social Media, FREE TO VIEW

Elon Musk's takeover and management of Twitter has already provoked criticism and certainly ruffled feathers across the technology industry. Big Tech firms like Google, Microsoft and Meta are leading participants in the social media business and the shakeup at Twitter is certain to be followed closely by both executives and users of other platforms.

Not least among these is Facebook, who have attracted major regulatory penalties over their approach to user privacy and the widespread abuse of their platform for malicious purposes.

Now, the stakes have risen as Musk moves Twitter towards becoming a paid platform with the recent introduction of the Twitter Blue subscription service in some markets and the introduction of account verification using the Blue Tick in return for an annual fee.

The latest development is to charge Twitter users for security features that have previously been free, with the recent announcement by Twitter regarding its two-factor authentication method. This move means that non-Twitter Blue users will have to find an alternative way of securing their accounts within 30 days of receiving notice.

The decision to disable SMS-based two factor authentication for users who do not subscribe to the paid subscription service Twitter Blue gives users 30 days to disable the feature and switch to another factor of authentication. If users do not perform these actions before the 30-day cut off, the SMS-based authentication will be disabled without a substitute in place, and only have a password for authentication until another factor, such as using an authenticator app or security key, is set up.

That's a big enough short term change, but the larger issue is that the majority of Twitter users are not currently securing their accounts with any form of MFA.

According to a report released by Twitter in July 2022, only 2.6% of accounts had two factor authentication enabled as of December 2021, and 74.4% of those accounts are using SMS as an authentication factor. Ciarán Walsh, Associate Research Engineer at Tenable commented, "SMS-based two factor authentication is a weak authentication method as it can be easily exploited using techniques such as sim swapping. The use of an authenticator app or security key is considered stronger as they are not vulnerable to such attacks. Although SMS authentication is considered weak, it is still more secure than using just a password."

Whether introduction of this measure is a short-term fix, as Musk tries different things to see what works at improving the economic performance Twitter, remains to be seen. The progress in his efforts to transform social media into a paid-for service signals a substantial change for the entire social media industry. 

You Might Also Read: 

Algorithms, Lies & Social Media:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Universities Targeted With Ransomware
European & American Hackers Attack China »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

BSI Group

BSI Group

BSI is the business standards company that equips businesses with the necessary solutions to turn standards of best practice into habits of excellence

Lares Consulting

Lares Consulting

Lares is a security consulting firm that helps companies secure electronic, physical, intellectual, and financial assets through a unique blend of assessment, testing and coaching.

Cybraics

Cybraics

Cybraics nLighten platform implements a unique and sophisticated artificial intelligence engine that rapidly learns your environment and alerts security teams to threats and vulnerabilities.

Identify Security Software

Identify Security Software

Our mission is to bring in a new age of autonomous human authentication in the security and identity space.

Spherical Defense

Spherical Defense

Spherical Defense offers an alternative approach to WAFs and first generation API security tools.

CIRISK

CIRISK

CIRISK offers a wide range of services from consulting to audit or project management to help you develop your cyber security or information security strategy.

NSA Career Development Programs

NSA Career Development Programs

NSA offers entry-level programs to help employees enhance their skills, improve their understanding of a specific discipline and even cross-train into a new career field.

FraudWatch International

FraudWatch International

FraudWatch has been protecting client brands around the world since 2003, and are the leaders in online brand protection from phishing, malware, social media and mobile apps impersonation.

Cyber Risk Institute (CRI)

Cyber Risk Institute (CRI)

CRI is a not-for-profit coalition of financial institutions and trade associations working to protect the global economy by enhancing cybersecurity and resiliency through standardization.

Silicon Cloud International

Silicon Cloud International

Silicon Cloud is a high performance and secure cloud computing platform for engineering and scientific applications.

Baxter Clewis Consulting

Baxter Clewis Consulting

Baxter Clewis are cyber security and compliance experts. We provide Security Consulting, IT Assurance, and Technical Security services.

SecurelyShare Software

SecurelyShare Software

SecurelyShare Software is a security software company, specializing in data security, data privacy and data governance.

QuantumCTek

QuantumCTek

Cognisys Group

Cognisys Group

Cognisys provides cyber security penetration testing and compliance services from its offices in Leeds and Manchester.

Frontal

Frontal

Frontal is a specialized unit in Blockchain and Web3.0 cybersecurity. Securing Digital Assets, Cryptocurrency, DeFi, Blockchain and Web3.0 ecosystem.

WIIT Group

WIIT Group

WIIT Group are focused on a single goal: securing our clients’ critical processes and enabling them for digital transformation.