Twitter Wants Users To Pay For 2FA

Elon Musk's takeover and management of Twitter has already provoked criticism and certainly ruffled feathers across the technology industry. Big Tech firms like Google, Microsoft and Meta are leading participants in the social media business and the shakeup at Twitter is certain to be followed closely by both executives and users of other platforms.

Not least among these is Facebook, who have attracted major regulatory penalties over their approach to user privacy and the widespread abuse of their platform for malicious purposes.

Now, the stakes have risen as Musk moves Twitter towards becoming a paid platform with the recent introduction of the Twitter Blue subscription service in some markets and the introduction of account verification using the Blue Tick in return for an annual fee.

The latest development is to charge Twitter users for security features that have previously been free, with the recent announcement by Twitter regarding its two-factor authentication method. This move means that non-Twitter Blue users will have to find an alternative way of securing their accounts within 30 days of receiving notice.

The decision to disable SMS-based two factor authentication for users who do not subscribe to the paid subscription service Twitter Blue gives users 30 days to disable the feature and switch to another factor of authentication. If users do not perform these actions before the 30-day cut off, the SMS-based authentication will be disabled without a substitute in place, and only have a password for authentication until another factor, such as using an authenticator app or security key, is set up.

That's a big enough short term change, but the larger issue is that the majority of Twitter users are not currently securing their accounts with any form of MFA.

According to a report released by Twitter in July 2022, only 2.6% of accounts had two factor authentication enabled as of December 2021, and 74.4% of those accounts are using SMS as an authentication factor. Ciarán Walsh, Associate Research Engineer at Tenable commented, "SMS-based two factor authentication is a weak authentication method as it can be easily exploited using techniques such as sim swapping. The use of an authenticator app or security key is considered stronger as they are not vulnerable to such attacks. Although SMS authentication is considered weak, it is still more secure than using just a password."

Whether introduction of this measure is a short-term fix, as Musk tries different things to see what works at improving the economic performance Twitter, remains to be seen. The progress in his efforts to transform social media into a paid-for service signals a substantial change for the entire social media industry. 

You Might Also Read: 

Algorithms, Lies & Social Media:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Universities Targeted With Ransomware
European & American Hackers Attack China »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

DTEX Systems

DTEX Systems

DTEX Systems is the global leader for insider risk management. We empower organizations to prevent data loss by proactively stopping insider risks from becoming insider threats.

LRQA

LRQA

LRQA are a leading global assurance provider, bringing together unrivalled expertise in certification, brand assurance, cybersecurity, inspection and training.

KoolSpan

KoolSpan

KoolSpan’s security and privacy solutions address the growing threat of loss or theft of intellectual property, information, and proprietary assets.

Galois

Galois

Galois specializes in the research and development of new technologies that solve the most difficult problems in computer science.

Khipu Networks

Khipu Networks

Khipu Networks is an award winning Cyber Security Company delivering a wide range of network, wireless and security solutions, technologies and services across multiple sectors.

Lepide

Lepide

LepideAuditor is a powerful Data Security Platform that enables you to reduce risk, prevent data breaches and prove regulatory compliance.

Altaro Software

Altaro Software

Altaro provide backup solutions that are intuitive, easy to use, well-priced and backed by outstanding 24/7 support as part of the package.

YL Ventures

YL Ventures

YL Ventures funds and supports brilliant Israeli tech entrepreneurs from seed to lead.

SystemExperts

SystemExperts

SystemExperts is a premier provider of IT compliance and cyber security consulting services.

Assure IT

Assure IT

Assure IT is a Singapore company specialising in technology governance, risk and compliance.

Delinea

Delinea

Delinea is a leading provider of cloud-ready privileged access management (PAM) solutions that empower cybersecurity for the modern, hybrid enterprise.

FPG Technologies & Solutions

FPG Technologies & Solutions

FPG Technology is a technology solutions provider and systems integrator, specializing in delivering IT Consulting, IT Security, Cloud, Mobility, Infrastructure solutions and services.

BIRD Cyber

BIRD Cyber

BIRD Cyber is a program to promote collaboration on cybersecurity and emerging technologies aimed at enhancing the cyber resilience of critical infrastructure.

Virtual Infosec Africa (VIA)

Virtual Infosec Africa (VIA)

Virtual InfoSec Africa (VIA) is a wholly-owned Ghanaian company specializing in information security and cybersecurity solutions and services.

InnovateHer

InnovateHer

At InnovateHer, our vision is to make the tech sector more equitable, by increasing diversity across the spectrum and creating more inclusive workplaces.

StepSecurity

StepSecurity

StepSecurity provides a comprehensive security platform for GitHub Actions.