Multifactor Authentication on Twitter: Where are we going? How do we know if Twitter is going to stop putting out multifactor authentication?
Over the past decade, Apple and other giant tech companies have eliminated the option for two-factor communication in favour of other forms of verification. Researchers worry that Twitter’s policy change will confuse users by giving them so little time to complete the transition and making SMS two-factor seem like a premium feature.
Reports indicate that the company may have laid off too many employees too quickly and that it has been attempting to hire back some workers. Musk has said that he is disabling parts of the platform. Part of today will be turning off the ‘micro services’ bloatware. Less than 20 percent is needed to work on the social networking site.
“Temporary outage of multifactor authentication could have the effect of locking people out of their accounts.” Kenneth White, co-director of the Open Crypto Audit Project and a security engineer, says that the even more concerning worry is that it will encourage users to just disable multifactor authentication, making them less safe. It’s not certain what caused the issue that many people are reporting, but it’s possible that there are changes to the web services that have been announced.
Twitter’s Two-Factor Password: A “Chaotic Move” after Elon Musk Takes Control of the Social Media Company
Twitter’s two-factor move is the latest in a series of controversial policy changes since Elon Musk acquired the company last year. The service is only available in the US, but it costs $11 per month on both mobile devices and for a desktop-only subscription. Users being booted off of SMS-based two-factor authentication will have the option to switch to an authenticator app or a physical security key.
The second piece of information can show that the person is actually you. While billions of passwords have been compromised online, the 2FA code is often delivered to or created by the device that’s in your pocket. Having any type of two-factor authentication is better than none. However, it isn’t entirely foolproof. Security researchers have warned about SMS-based two-factor authentication being riskier than other 2FA options.
Only people who pay a monthly fee for the service will get to use text message verification to keep their account secure, the company says.
The social media company has been hit with a series of decisions causing significant upheaval since the takeover of the company by Musk last year.
The reason for the move is that phone number-based two-factor authentication is being abused by bad actors. But the planned move has riled up many users, concerned about wider implications.
She told NPR that this decision was another one of Musk’s “chaotic moves”. She was not a fan of recent actions by the social networking site following Musk’s takeover.
Gavan Reilly, a reporter in Ireland, tweeted that Twitter Blue isn’t even available in his country yet, “so there is literally no option to maintain the current choice of security.”
“Sure, it’s nice to tell people to go use an authenticator app, but what if their government blocks that authenticator app, criminalizes its use, or gets it banned from the app store?” she noted.
And there are apps, like Duo, that won’t work in certain countries if a user’s IP address originates in a region sanctioned by the U.S., including Cuba, Iran, Syria, and areas in Ukraine controlled by Russian forces.
Im-Switch: How to Use a Security Key to Authenticate on Twitter and Other Web Sites in the Presence of a Not-So-Simple Attack
SMS-based two-factor authentication is considered “better than nothing,” but she notes it’s actually one of the least secure measures to use. There is a relatively simple attack called a “SIM swap” that has become more and more common.
This is when “an attacker calls your cell phone company pretending to be you and convinces them to transfer your phone number to a new device, then sends the 2 factor authentication code” to themselves, she said.
Authenticator apps, like Authy, Google Authenticator, and Microsoft Authenticator, typically generate one-time passwords (OTP) that change after a short period of time. You can use the codes to access your accounts on the web, but you won’t find them in your text messages. You will only have a limited amount of time to enter them because they change frequently.
It’s safer to use a security key instead of a constantly changing code, and it’s convenient because you can check the validity of the service before you use it. However, this method requires you to purchase a physical piece of hardware that you insert or connect wirelessly to your phone or computer. This key verifies your identity when logging into your account.
Some keys come with support for Lightning and others do not, so how you use them depends on the one you buy. Yubico is one of the many security key brands that are compatible with Twitter, but you must check if the key you need supports the other sites you need.
Passing the Cost to Users: How Social Networks are Combating Account Hybridization and Improperty Is It Better Than Twitter?
For years, social networks have been struggling with account hijacking. And over the past week, two of them unveiled a new plan for dealing with it: passing the cost to users.
Meta’s own security subscription service was announced soon after. The verification service will be similar to the one that was used by Twitter to help creators grow their audiences. It adds a real person for account support, as well as active account monitoring for fakes who might target people with growing online audiences.
From one perspective, both these moves are understandable. Twitter still allows free app-based two-factor authentication, which is typically a more secure option, and pushing more people toward it is a good thing. Meta’s new plan is similar to one used by other enterprise users: charging businesses an extra fee for expedited, full-featured support. The company is trying to solve a real customer service problem. It seems that more resources were put into the customer support division last year, as users turned to black market account restoration services when they got hacked.
Meanwhile, Meta’s plan combines things that make sense as premium upgrades with ones that a good social network should be doing by default. It tells the average user that they can trust themselves to be real if they flag accounts that are at risk of being impersonated. Even if it’s impossible to offer billions of people that level of attention, large and rapidly growing accounts are a far smaller subset of the user base — one that the overall Facebook experience benefits from supporting without requiring a fee. There isn’t much incentive to improve the dismal customer service experience for non-paying users who are locked out of their accounts.
Two-Factor Authentication: Apps, Keys, and Encryption of Twitter Using SIM-Swapping Attacks
Two-factor authentication, also known as 2FA or multi-factor authentication, is one of the most effective ways to protect your online accounts from being hacked. When logging in to a website, app, or service, 2FA requires you to sign in using your username and password, then verify that the login is authentic using another piece of information. This can be done with a temporary code that is generated or sent to you in real time.
That’s because SIM-swapping attacks, where phone numbers are compromised by attackers, let criminals access 2FA messages and break into accounts. Even if it is less convenient than another 2FA option, it is the best option.
Instead of turning 2FA off on your Twitter account, there are two better options: authenticator apps and security keys. The same principles are used by both of them. To enable either of those alternatives, first open Settings and privacy, then Security and account access, and finally Two-factor authentication. You can use an app or security keys to use two-factor authentication here.