MILLIONS of Twitter users have been urged to check their settings now or risk their accounts getting hacked.
Twitter revealed last month that it would disable SMS-based two-factor authentication (2FA) for all users except Twitter Blue subscribers.
Twitter Blue is Twitter’s paid service that starts at $8 a month or $84 a year.
“After 20 March 2023, we will no longer permit non-Twitter Blue subscribers to use text messages as a 2FA method,” the company said in a blog post.
“At that time, accounts with text message 2FA still enabled will have it disabled,” they added.
What is SMS 2FA?
Most smartphone users rely on two-factor authentication, also known as 2FA, for securing their online accounts.
2FA protects your accounts by requiring an extra level of verification before logging in – such as a text (SMS) confirmation.
The tech giant, which was purchased by billionaire Elon Musk in October 2022, called SMS-based 2FA “historically popular.”
“Unfortunately, we have seen phone-number-based 2FA be used – and abused – by bad actors,” they added.
Many cybersecurity experts, however, believe that the move by Twitter will leave many users unprotected.
Michael Crandell, CEO of password manager company Bitwarden, told The US Sun: “SMS users are likely to be the most impacted, which is unfortunate because it’s a reduction in security for those users.”
Still, there are ways for users to keep their accounts protected after Twitter disables SMS 2FA.
“Bitwarden recommends that users choose an authenticator application instead of SMS,” Crandell said.
“Large companies provide apps such as Google Authenticator, Microsoft Authenticator, or Twilio Authy,” he added.
Some authenticators favored by Bitwarden include Raivo on iOS and Aegis on Android.
The company also provides a built-in authenticator for any paid plan, which starts at just $10 a year.
“This allows extreme convenience of bundling your 2FA within your password manager,” Crandell said.
Twitter users who own iPhones can also use Apple’s built-in 2FA tool, which the company describes on its website as “an extra layer of security” that is designed to “ensure that you’re the only person who can access your account, even if someone knows your password.”
The feature is helpful in keeping apps that contain sensitive information (such as banking or investment details) secure, and can also help protect you from identity and phishing scams.
How to enable Apple’s Authenticator
To turn on Apple’s built-in authenticator, first, head into Settings on your iPhone and then select Passwords.
Use Face or Touch ID to access your passwords and then tap on the account you want to set up 2FA for.
It’s important to note that this method of 2FA will not work with every website or app.
Next, click on Set Up Verification Code. You will see a menu of two options: Enter Setup Key and Scan QR Code.
If you choose Enter Setup Key, go to the app or website’s page and copy its setup key.
Simply paste the key into the Setup Key field in your iPhone’s Settings and then tap OK.
Should you choose the QR code option, you will have to find the QR code in that service or website’s settings and then scan it.