Millions of Twitter users are being urged to check their settings today – “dangerous” change leaves you exposed
MILLIONS of Twitter users have been urged to check their settings now or risk having their accounts hacked.
Twitter revealed last month that it would disable SMS-based two-factor authentication (2FA) for all users except Twitter Blue subscribers.
Twitter Blue is Twitter’s paid service that starts at $8 a month or $84 a year.
“After March 20, 2023, we will no longer allow non-Twitter Blue subscribers to use text messages as a 2FA method,” the company said in a blog post.
“At that point, accounts with text message 2FA still enabled will have it disabled,” they added.
What is SMS 2FA?
Most smartphone users rely on two-factor authentication, also known as 2FA, to secure their online accounts.
2FA protects your accounts by requiring an additional level of verification before you log in – such as a text confirmation (SMS).
The tech giant, which was bought by billionaire Elon Musk in October 2022, called SMS-based 2FA “historically popular.”
“Unfortunately, we’ve seen phone number-based 2FA being used — and abused — by bad actors,” they added.
However, many cybersecurity experts believe that Twitter’s move will leave many users unprotected.
Michael Crandell, CEO of password management company Bitwarden, told The US Sun: “SMS users are likely to be most affected, which is unfortunate because there is a reduction in security for those users.”
Still, there are ways for users to keep their accounts protected after Twitter disables SMS 2FA.
“Bitwarden recommends that users choose an authentication application instead of SMS,” Crandell said.
“Big companies provide apps like Google Authenticator, Microsoft Authenticator or Twilio Authy,” he added.
Some authenticators favored by Bitwarden include Raivo on iOS and Aegis on Android.
The company also offers built-in authentication with any paid plan, which starts at just $10 a year.
“This makes it extremely easy to bundle 2FA into your password manager,” Crandell said.
iPhone-owning Twitter users can also use Apple’s built-in 2FA tool, which the company describes on its site as “an additional layer of security” that is designed to “ensure that you are the only person who has access to your account, even if someone knows your password.”
The feature is useful for keeping apps containing sensitive information (such as banking or investment details) secure, and can also help protect you from identity and phishing scams.
How to activate Apple’s Authenticator
To turn on Apple’s built-in authentication, first go to Settings on your iPhone, then select Passcode.
Use Face or Touch ID to access your passwords, then tap the account you want to set up 2FA for.
It is important to note that this method of 2FA will not work with all websites or apps.
Then click Set up verification code. You will see a menu with two options: Enter Setup Key and Scan QR Code.
If you choose Setup Key, go to the app’s or website’s page and copy the Setup Key.
Paste the key into the Setup Key field in the iPhone’s Settings, then tap OK.
Should you choose the QR code option, you need to find the QR code in the settings of that service or website and then scan it.
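What the Setup Key and the QR code hand to an authenticator, and why the resulting codes do not depend on a phone number, shown as an added example that is not part of the original article. It assumes the standard time-based one-time password scheme (RFC 6238) with a base32 Setup Key and an otpauth:// address inside the QR code; the account name, issuer and function names are constructed, and the key is the RFC's published test key.

```python
import base64, hashlib, hmac, struct, time
from urllib.parse import urlparse, parse_qs

# Constructed sample enrollments: the same secret as a typed Setup Key
# and as the otpauth:// address a QR code would carry.
SAMPLE_SETUP_KEY = "gezd gnbv gy3t qojq gezd gnbv gy3t qojq"
SAMPLE_QR_PAYLOAD = ("otpauth://totp/Example:alice?"
                     "secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example")

def secret_from_enrollment(value):
    """Return the raw shared secret from a Setup Key or a QR payload."""
    if value.startswith("otpauth://"):
        uri = urlparse(value)
        if uri.netloc != "totp":
            raise ValueError("only time-based (totp) enrollments are handled")
        params = parse_qs(uri.query)
        if "secret" not in params:
            raise ValueError("QR payload carries no secret")
        value = params["secret"][0]
    key = value.replace(" ", "").replace("-", "").upper()
    key += "=" * (-len(key) % 8)           # restore stripped base32 padding
    return base64.b32decode(key)           # raises ValueError on a bad key

def totp(secret, at=None, digits=6, step=30):
    """Code for the 30-second window containing `at` (seconds since epoch)."""
    counter = int((time.time() if at is None else at) // step)
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                # dynamic truncation (RFC 4226)
    number = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(number % 10 ** digits).zfill(digits)

def verify(secret, submitted, at=None, window=1, step=30):
    """Service-side check: accept the current window plus/minus `window`
    steps for clock drift, comparing in constant time."""
    now = time.time() if at is None else at
    return any(hmac.compare_digest(totp(secret, now + i * step), submitted)
               for i in range(-window, window + 1))

if __name__ == "__main__":
    secret = secret_from_enrollment(SAMPLE_QR_PAYLOAD)
    print("code now:", totp(secret))
    print("accepted:", verify(secret, totp(secret)))
```

Both sides compute the code locally from the shared key and the clock, so nothing is sent to the phone at login. The same property means anyone who obtains the Setup Key or a copy of the QR code can generate valid codes.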