How to Keep Your Twitter Secure

By camilaforero

Twitter recently announced a new policy that removes text-message two-factor authentication (2FA) from any account that doesn’t pay for it. This means that the platform will only allow accounts that subscribe to its premium Twitter Blue feature to use text-based 2FA. Non-subscribers who do not switch to a different type of two-factor authentication will have the feature removed from their accounts by March 20 of this year.

How does it work?

Under the new policy, any user who relies on Twitter to send a text message code to their phone to log in will have their 2FA disabled, making it possible for anyone to access their account with just a password, without the need for a second factor.

What can users do?

In this case, if a user has a Twitter password that is easy to guess, or if they reuse their Twitter password on another site or service, they should take action as soon as possible to avoid any trouble.

“Committed to keeping people safe and secure on Twitter” is what Twitter advertises; however, this is not entirely true, as we are watching, in real time, one of the least secure security decisions ever made by a company.

Why are they making this decision?

Twitter most likely made the decision to remove SMS 2FA to save the company money, as texting isn’t cheap, and ever since the $44 billion acquisition by Elon Musk, Twitter has been losing cash and employees.

Twitter’s reasons:

The platform justified the decision in its blog post, saying that bad actors can abuse SMS 2FA. This could refer to SIM swapping attacks, in which a hacker convinces a victim’s mobile provider to assign the victim’s phone number to a device controlled by the hacker, where the hacker then enters all the user’s information.

Once in control of a user’s phone number, the hacker can impersonate the victim and receive the text message codes that allow access to the victim’s online accounts.

However, making SMS 2FA available only to Twitter Blue subscribers does not make it more secure, as this can also happen to a paying user.

Twitter isn’t scrapping 2FA altogether

In fact, Twitter still maintains 2FA, and users can still use it without paying; they just can’t have 2FA via text. Users can start taking steps to protect their accounts with app-based 2FA, which is much more secure and as fast as receiving a text.

How does it work?

It’s quite simple: the user generates a code through an authenticator app on their phone, such as Duo, Authy or Google Authenticator, so no code needs to be sent to their phone via text message. This form of 2FA is much more secure, as the code never leaves the user’s device and the user can use it whenever they need to.

First, the user must have an authenticator app installed on their phone. They then open their Twitter account and go to Settings and privacy, then Security and account access, then Security. In the two-factor authentication settings, the user must select the authenticator app. Most likely, the user will need to enter their password. Once the process is done, the user will log in with their password and then with a code generated by their authenticator app.

If the user loses their phone, they can find the backup codes in the same place where they set up their app-based 2FA. It’s important to keep track of these backup codes, which allow the user to regain access to their account if they’re locked out, and to keep them safely stored in a password manager.
