Twitter Wants Users To Pay For 2FA

Uploaded on 2023-02-22 in TECHNOLOGY-Key Areas-Social Media, FREE TO VIEW

Elon Musk's takeover and management of Twitter has already provoked criticism and certainly ruffled feathers across the technology industry. Big Tech firms like Google, Microsoft and Meta are leading participants in the social media business and the shakeup at Twitter is certain to be followed closely by both executives and users of other platforms.

Not least among these is Facebook, who have attracted major regulatory penalties over their approach to user privacy and the widespread abuse of their platform for malicious purposes.

Now, the stakes have risen as Musk moves Twitter towards becoming a paid platform with the recent introduction of the Twitter Blue subscription service in some markets and the introduction of account verification using the Blue Tick in return for an annual fee.

The latest development is to charge Twitter users for security features that have previously been free, with the recent announcement by Twitter regarding its two-factor authentication method. This move means that non-Twitter Blue users will have to find an alternative way of securing their accounts within 30 days of receiving notice.

The decision to disable SMS-based two factor authentication for users who do not subscribe to the paid subscription service Twitter Blue gives users 30 days to disable the feature and switch to another factor of authentication. If users do not perform these actions before the 30-day cut off, the SMS-based authentication will be disabled without a substitute in place, and only have a password for authentication until another factor, such as using an authenticator app or security key, is set up.

That's a big enough short term change, but the larger issue is that the majority of Twitter users are not currently securing their accounts with any form of MFA.

According to a report released by Twitter in July 2022, only 2.6% of accounts had two factor authentication enabled as of December 2021, and 74.4% of those accounts are using SMS as an authentication factor. Ciarán Walsh, Associate Research Engineer at Tenable commented, "SMS-based two factor authentication is a weak authentication method as it can be easily exploited using techniques such as sim swapping. The use of an authenticator app or security key is considered stronger as they are not vulnerable to such attacks. Although SMS authentication is considered weak, it is still more secure than using just a password."

Whether introduction of this measure is a short-term fix, as Musk tries different things to see what works at improving the economic performance Twitter, remains to be seen. The progress in his efforts to transform social media into a paid-for service signals a substantial change for the entire social media industry. 

You Might Also Read: 

Algorithms, Lies & Social Media:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Universities Targeted With Ransomware
European & American Hackers Attack China »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Checkmarx

Checkmarx

Checkmarx provides state-of-the-art application security solutions with static code analysis software.

Fieldfisher

Fieldfisher

Fieldfisher's Technology, Outsourcing & Privacy Group has class-leading expertise in privacy, data & cybersecurity, digital media, big data, the cloud, mobile payments and mobile apps.

National Cyber Security Centre (NCSC) - Norway

National Cyber Security Centre (NCSC) - Norway

NCSC is part of the Norwegian Security Authority, and is Norway's national cyber security hub and the national CERT.

Azeti Networks

Azeti Networks

Azeti Networks is a global provider of IoT technology to a variety of verticals including telecomms, oil/gas, manufacturing, finance and healthcare.

HDI Global SE

HDI Global SE

HDI Global SE provides customised insurance solutions for industrial and commercial clients worldwide including Cyber Liability insurance.

Tempered Networks

Tempered Networks

Tempered Networks delivers the first purpose-built platform for IIoT cybersecurity that allows customers to connect and secure devices in minutes without the need for specialized skills.

Meiya Pico Information Co

Meiya Pico Information Co

Meiya Pico is the leading digital forensics and information security products and service provider in China.

Evidence Talks Ltd

Evidence Talks Ltd

A leading forensic computing authority developing unique digital forensic technologies. Tools that detect potential terrorists & criminals & used by the military, enforcement & intelligence commmunity

Fraud.com

Fraud.com

Fraud.com ensures trust at every step of the customer's digital journey; this complete end-to-end protection delivers unified identity, authentication and fraud detection and prevention.

CyberEdBoard

CyberEdBoard

CyberEdBoard is a private, peer-to-peer education and networking community focused on cybersecurity, technology, business processes and risk management.

Binary Security AS

Binary Security AS

Binary Security is a Norwegian information security consultancy company. We are specialists at application security, penetration testing and secure code reviews.

Microminder Cyber Security

Microminder Cyber Security

Microminder Cyber Security are innovators, advisors, strategists committed to solving your cyber security challenges.

Locuz

Locuz

At Locuz, we’ve made it our mission to help businesses like yours create an actionable digital strategy.

ThreatDefence

ThreatDefence

ThreatDefence provides innovative SIEM, SOC-as-a-Service, and proactive cyber defence solutions to MSP’s and Enterprises.

Labaton Sucharow

Labaton Sucharow

Standing on the horizon of law and technology, our Cybersecurity and Data Privacy Practice helps to protect consumers who have been harmed by businesses’ failures to safeguard their customers' data.

Somerville

Somerville

Somerville are a full service IT partner with over 40 years experience delivering exceptional service and value to our customers.