HomeCII/OTProtect Your Twitter Account After the End of Free SMS 2FA

Protect Your Twitter Account After the End of Free SMS 2FA

Published on

spot_img

Twitter has announced that it is disabling SMS-based two-factor authentication for all but paying users, following abuse by bad actors who hacked into accounts by taking advantage of vulnerabilities in text messages. Such attacks have resulted in the loss of millions of dollars and sensitive information. Twitter’s statement announcing the decision, issued in the middle of February, said that it is taking this step because phone-number-based 2FA has become increasingly vulnerable to hacking attacks by bad actors. However, users shouldn’t stop using 2FA altogether, as it is still better than using only a password.

The first and most commonly used second factor of authentication was text messages. This method has been by far the most popular because of the convenience of just waiting for a text with a code and entering the code after inputting your password. However, using text messages as a second factor of authentication is susceptible to various attacks, with incoming texts unencrypted and easy to intercept, read, or redirect.
 
Twitter CEO Elon Musk said on Twitter that the company was getting scammed by phone companies for $60 million a year of fake 2FA SMS messages.

So, Twitter is encouraging its users to use other methods of 2FA. There are two other types of 2FA authentication that Twitter supports and that are more secure than text messages. First, users can use an on-device authenticator app such as Microsoft Authenticator or Google Authenticator that provides robust security. The app generates a one-time code to confirm the user’s identity when logging into a website or app. Although this method has similar steps to the SMS 2FA method, the app has an advantage over text messages as the code appears in the app, which is directly linked to the device, rather than to a phone number.

The second method is a hardware security key that is connected via USB, NFC, or Bluetooth. Physical keys provide high levels of security, especially because the codes are usually not vulnerable to interception or redirection. For criminals to break into a user’s account, they would have to steal the key and obtain the login credentials.

Other Twitter security improvements that users can make include strong and unique passwords, review account security and privacy settings, and subscribing to Twitter Blue to use another type of 2FA, such as an authenticator app or a hardware key.

Source link

Latest articles

Cyber Briefing – 2026.07.02 – CyberMaterial

Cybersecurity Alert: Latest Vulnerabilities and Their Implications In the rapidly evolving landscape of cybersecurity, a...

Scattered Spider Suspect Extradited from Finland to the United States

Suspected Cybercriminal Extradited to U.S. from Finland: Peter Stokes and the Scattered Spider Group In...

Researcher Discusses Release of Undisclosed Zero-Day Exploits

A pseudonymous security researcher, operating under the monikers ‘bikini’ and ‘ashdfrkl’ on various platforms,...

Opera Browser Introduces Native Paste Protection to Prevent Clipboard Hijacking and Code Injection Attacks

Opera Software has recently rolled out a new native security feature known as “Paste...

More like this

Cyber Briefing – 2026.07.02 – CyberMaterial

Cybersecurity Alert: Latest Vulnerabilities and Their Implications In the rapidly evolving landscape of cybersecurity, a...

Scattered Spider Suspect Extradited from Finland to the United States

Suspected Cybercriminal Extradited to U.S. from Finland: Peter Stokes and the Scattered Spider Group In...

Researcher Discusses Release of Undisclosed Zero-Day Exploits

A pseudonymous security researcher, operating under the monikers ‘bikini’ and ‘ashdfrkl’ on various platforms,...