Twitter will limit the use of two-factor authentication via SMS. What does this mean for users?

Only users who pay a monthly fee to subscribe to Twitter will be able to use text message authentication to keep their accounts secure, the social media company says.

Two-factor authentication isn’t required to be a Twitter user, but it’s a proven and easy way to keep your accounts secure. With it enabled, someone who wants to break into an account must have both the password and access to the account holder’s device.

Twitter Blue costs $11 per month on Android and iOS in the US and $8 per month for web users. Users have 30 days to sign up or see their SMS two-factor authentication (2FA) automatically disabled, the company said.

The announced platform change is just the latest in a series of decisions that have caused major upheaval on the social media platform since Elon Musk’s takeover last year.

Twitter says it is making the move because phone number-based two-factor authentication is being “abused by attackers.” But the planned move has angered many users who are concerned about the wider implications.

At least one user called the move “disgusting.”

The company says that “disabling 2FA for text messages does not automatically disable your phone number from your Twitter account,” but others say it compromises user security.

Another user suggested that Twitter’s latest move could “lead to class action lawsuits where people get hacked and suffer damage.”

Evan Greer, director of Fight for the Future, a non-profit digital rights group, took to Twitter to condemn the move.

In an email to NPR, she called the decision another one of Musk’s “chaotic moves.” She has been critical of Twitter’s recent actions since Musk’s takeover of the company.

“Twitter users should never have been put in this situation. Changes should never be made to things as important as two-factor authentication, which can mean the difference between someone’s physical security and access to their account by a stalker, intruder, or authoritarian government, in such a reckless and ill-conceived way,” Greer wrote in an email to NPR.

Potential impact for users outside the US

There also appear to be wider implications for accounts in other parts of the world.

Gavan Reilly, a reporter from Ireland, tweeted that Twitter Blue isn’t even available in his country yet, “so there’s literally no way to keep the current security choice.”

Twitter Blue is available only in the US, Canada, Australia, New Zealand, Japan, the UK, Saudi Arabia, France, Germany, Italy, Portugal, Spain, India, Indonesia and Brazil. The company says it plans to expand it.

Greer said limiting how users protect their accounts “is also a gift to authoritarian governments.”

“Sure, it’s nice to suggest people use an authenticator app, but what if their government blocks that authenticator app, criminalizes its use, or bans it from the app store?” she said.

And there are apps like Duo that won’t work in some countries if the user’s IP address comes from a US-sanctioned region, including Cuba, Iran, Syria, and areas in Ukraine controlled by Russian forces.

Users should find alternatives to SMS authentication

According to Greer, two-factor authentication is “one of the most basic forms of security that many people use and have access to.”

It’s considered “better than nothing,” but she notes that it’s actually one of the least secure measures. This is “because of a relatively simple attack called ‘SIM swapping’ that is becoming more and more common.”

This is when “an attacker calls your cell company impersonating you and convinces them to port your phone number to a new device and then sends themselves a two-factor authentication code,” she said.

Greer added that digital security experts generally recommend switching to an authentication app rather than just relying on a phone number.

“For readers who want to protect themselves: even if you have Twitter Blue, you should stop using SMS for 2-factor and start using an authentication app,” she said. “There are several reputable ones, and some password managers even include them.”

However, Greer said making two-factor authentication a “luxury feature” for some subscribers is stupid and potentially dangerous.

Greer worries about users who are not tech-savvy.

“We know that most users just stick with the defaults or simply take no action if they are confused or unsure,” she said. “In practice, this could mean that millions of vulnerable Twitter users suddenly turn off two-factor authentication and no longer set it up.”
