Twitter Wants Users To Pay For 2FA

Elon Musk's takeover and management of Twitter has already provoked criticism and certainly ruffled feathers across the technology industry. Big Tech firms like Google, Microsoft and Meta are leading participants in the social media business and the shakeup at Twitter is certain to be followed closely by both executives and users of other platforms.

Not least among these is Facebook, who have attracted major regulatory penalties over their approach to user privacy and the widespread abuse of their platform for malicious purposes.

Now, the stakes have risen as Musk moves Twitter towards becoming a paid platform with the recent introduction of the Twitter Blue subscription service in some markets and the introduction of account verification using the Blue Tick in return for an annual fee.

The latest development is to charge Twitter users for security features that have previously been free, with the recent announcement by Twitter regarding its two-factor authentication method. This move means that non-Twitter Blue users will have to find an alternative way of securing their accounts within 30 days of receiving notice.

The decision to disable SMS-based two factor authentication for users who do not subscribe to the paid subscription service Twitter Blue gives users 30 days to disable the feature and switch to another factor of authentication. If users do not perform these actions before the 30-day cut off, the SMS-based authentication will be disabled without a substitute in place, and only have a password for authentication until another factor, such as using an authenticator app or security key, is set up.

That's a big enough short term change, but the larger issue is that the majority of Twitter users are not currently securing their accounts with any form of MFA.

According to a report released by Twitter in July 2022, only 2.6% of accounts had two factor authentication enabled as of December 2021, and 74.4% of those accounts are using SMS as an authentication factor. Ciarán Walsh, Associate Research Engineer at Tenable commented, "SMS-based two factor authentication is a weak authentication method as it can be easily exploited using techniques such as sim swapping. The use of an authenticator app or security key is considered stronger as they are not vulnerable to such attacks. Although SMS authentication is considered weak, it is still more secure than using just a password."

Whether introduction of this measure is a short-term fix, as Musk tries different things to see what works at improving the economic performance Twitter, remains to be seen. The progress in his efforts to transform social media into a paid-for service signals a substantial change for the entire social media industry. 

You Might Also Read: 

Algorithms, Lies & Social Media:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Universities Targeted With Ransomware
European & American Hackers Attack China »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

SAMATE

SAMATE

The Software Assurance Metrics And Tool Evaluation project is an inter-agency project between the US Department of Homeland Security and NIST.

RiskSense

RiskSense

RiskSense empowers enterprises and governments to reveal cyber risk, quickly orchestrate remediation, and monitor the results.

Authenware

Authenware

AuthenWare delivers the highest level of identity security based on behavioral biometrics.

DocAuthority

DocAuthority

DocAuthority automatically discovers and accurately identifies unprotected, sensitive documents, enabling a broad yet business-friendly security policy.

London Office for Rapid Cybersecurity Advancement (LORCA)

London Office for Rapid Cybersecurity Advancement (LORCA)

LORCA's mission is to support the most promising cyber security innovators in growing solutions to meet the most pressing industry challenges and build the UK’s international cyber security profile.

Applied Science and Technology Research Institute Company Limited (ASTRI)

Applied Science and Technology Research Institute Company Limited (ASTRI)

ASTRI's mission is to enhance Hong Kong’s competitiveness in technology-based industries through applied research in areas including Security & Data Sciences which encompasses cybersecurity.

Vanbreda

Vanbreda

Vanbreda Risk & Benefits is the largest independent insurance broker and risk consultant in Belgium and the leading insurance partner in the Benelux.

Consensys

Consensys

ConsenSys is a global blockchain company. We develop enterprise applications, invest in startups, build developer tools, and offer blockchain education.

iZOOlogic

iZOOlogic

iZOOlogic protects hundreds of the world’s leading brands, across banking, finance and government from cybercrime. We provide strong cyber defence solutions to protect client digital assets.

NuID

NuID

NuID is a pioneer in trustless authentication and decentralized digital identity.

Edureka

Edureka

Edureka is an online technology training provider with the most effective learning system in the world. We help professionals learn trending technologies for career growth.

Seadot Cybersecurity

Seadot Cybersecurity

Seadot offer cybersecurity services to organizations with a high demand for regulatory compliance and security.

Zeva

Zeva

Zeva solves complex identity and encryption challenges for the federal government and corporations around the globe.

Ostra Cybersecurity

Ostra Cybersecurity

As a next-generation MSSP, Ostra Cybersecurity combines best-in-class tools, proprietary technology and exceptional talent to deliver Fortune 100-level protection for businesses of all sizes.

Databarracks

Databarracks

Databarracks deliver award winning IT resilience and continuity services. We help organisations get the most out of the cloud and protect their data, wherever it lives.

Klarytee

Klarytee

Protect your data wherever it goes. Klarytee is a SaaS platform that builds security into sensitive content to enable granular control in AI, public cloud and SaaS.