Tag: authentication
Multifactor authentication: Keeping employee data secure through digital ID management
How to set up two-factor authentication on your online services
Recently, it was announced that Twitter would only offer SMS-based two-factor authentication (2FA) to its Twitter Blue members (those who are willing to pay $8 a month on Android or $11 a month on iOS). To tell you the truth, my first reaction was: just as well. If you want to use 2FA to secure your social media or another account, using text messaging is not the way to go. You’re much better off using either a third-party authenticator app or a hardware security key.
What are security keys?
Security keys, such as the ones sold by Yubico, are the safest method to use. They can connect to your system using USB-A, USB-C, Lightning, or NFC, and they’re small enough to be carried on a keychain (with the exception of Yubico’s YubiKey 5C Nano,…
Twitter’s SMS two-factor authentication is now a paid feature
Twitter announced the change on its official blog earlier this week, citing its commitment to user security as the driving force behind the decision. According to the post and Twitter’s account security data, SMS-based 2FA-secured accounts are the most susceptible to unintentional access by malicious actors.
Twitter makes SMS two-factor authentication exclusive to Twitter Blue users
Twitter’s Two-Factor Authentication Change ‘Doesn’t Make Sense’
Twitter to charge users for SMS two-factor authentication
To non-Twitter Blue subscribers, those users now have 30 days to get on the Blue train or risk having their SMS two-factor authentication turned off. The new policy from Twitter and CEO Elon Musk was alluded to in a tweet by Platformer’s Zoe Schiffer early Friday afternoon.
The news is all but official now according to an updated blog post on Twitter’s website. The post admits that while SMS is a popular form of 2FA, it can easily be abused. Thus, the platform is locking the privilege of using its worst form of authentication behind an $8 subscription (or $11 if you use an iOS device). The site then suggests that non-Twitter Blue subscribers “consider using an authentication app or security key method instead.” So it’s either that or wait until Twitter turns it off for you on March 20.
As Twitter points out, SMS 2FA is not required to log into the app, but it is one of the platform’s most used forms of authentication. According to Rachel Tobac on Twitter, based on the site’s own transparency data, only 2.6 percent of the platform’s users have 2FA, and the vast majority of them (74 percent) use SMS authentication.
One big reason a company might put SMS authentication behind a paywall, as The Verge’s Sean Hollister points out, is that sending SMS messages costs money. Twitter is in desperate need of money, and it’s been the plan since the billionaire took over to phase out SMS entirely anyway. But it seems, at least for now, Musk has found a way to at least monetize SMS. Considering that Twitter Blue subscriptions are making less than we thought, SMS authentication might be phased out entirely in the near future for all users.
Twitter is making text-based two-factor authentication a paid feature
Twitter users will soon have to use an authenticator app or a security key to be able to use two-factor authentication if they’re not a Blue subscriber. The website has made text-based 2FA an exclusive feature for members paying for its subscription service. Non-Twitter Blue members can no longer activate it if they haven’t yet, but those who’ve already been using it will have until March 20th to disable the method and enable another type of authentication. Twitter will simply disable their 2FA if they fail switch before that date.
In its announcement, Twitter said it has come to the decision after seeing “phone-number based 2FA be used — and abused — by bad actors.” Some critics are doubting Twitter’s explanation, however, and speculating that the company’s real intention is to add SMS 2FA as one of the features it offers with its subscription service. To note, a Blue subscription costs between $8 to $11 a month or $84 a year and adds a checkmark next to the user’s name.
Whatever Twitter’s real intentions are, most users who have two-factor enabled on the website may now have to change their log-in habits. According to the company’s transparency report from 2021, 74.4 percent of users who have 2FA enabled use the SMS method. A mere 28.9 percent uses authenticators, and a tiny fraction (0.5 percent) has security keys. Further, only 2.6 percent of all Twitter users enabled two-factor authentication, though the numbers may have changed since then.
“We encourage non-Twitter Blue subscribers to consider using an authentication app or security key method instead,” the company said. “These methods require you to have physical possession of the authentication method and are a great way to ensure your account is secure.”
Effective March 20, 2023, only Twitter Blue subscribers will be able to use text messages as their two-factor authentication method. Other accounts can use an authentication app or security key for 2FA. Learn more here:https://t.co/wnT9Vuwh5n
— Twitter Support (@TwitterSupport) February 18, 2023
Official: Twitter will now charge for SMS two-factor authentication
Four hours ago, Platformer’s Zoe Schiffer tweeted a scoop: Twitter would begin charging for SMS two-factor authentication.
Now, it’s official: You have to pay for the privilege of using Twitter’s worst form of authentication. In fact, if you don’t start paying for Twitter Blue ($8 a month on Android; $11 a month on iOS) or switch your account to use a far more reliable authenticator app or physical security key, Twitter will simply turn off your 2FA after March 20th.
I know which one I would choose.
Good riddance to SMS is my feeling, given how common SIM swap hacks are these days. Heck, Twitter’s own Jack Dorsey was successfully targeted by the technique four years ago. You don’t want someone to get access to your accounts by proving…