Double authentication systems are essential to guarantee the security of online accounts. Thanks to them, if the hackers use our passwords, they won’t be able to log in unless they have the random key that we need to receive on our mobile phone.
Twitter has allowed, since many years ago, a double authentication system. We currently have two ways of using it: through SMS, the most chosen option for users, and through a third-party system such as Google Authenticator. From today, the conditions for using security measures have changed.
The double authentication by SMS only for payment users
It’s the same at the end of the week, Musk announced that the double authentication systems for SMS become a payment function only available for users of Twitter Blue. Esto quiere decir que, si queremos poder reciver la clave acceso por SMS tendremos que pagar nuestra subscription to the social network.
This change comes into effect on March 20th, so Twitter users who use this function and don’t see Blue have one month to change their configuration and switch to another double authentication system if they don’t want to stay without access to the account .
Of the 70% of users who use double authentication systems, 2FA, on Twitter use the mode for SMS. And, as Elon Musk assures in a recent message, false login SMS are causing the company annual losses of 60 million dollars. Although there will be some millions less…
@MKBHD Twitter is getting scammed by phone companies for $60M/year of fake 2FA SMS messages
February 18, 2023 • 6:27 p.m
This change is a good news for non-paying users
Then, why is it good news? The double authentication for SMS is not only more inconvenient, because it obliges us to have coverage to receive an SMS, but it is insecure. There are very simple techniques, such as SIM swapping, which can allow a hacker to take control of the SIM, receive SMS in your number, and start a session on the social network.
En cambio, the alternative, que es use Google Authenticator, it’s much more simple and safe. Through an app, such as Google’s own, Microsoft Authenticator, or Authy, we will register the device and generate the codes from the mobile phone, whether or not we have Internet coverage. There will be systems, unless they are stolen from the mobile phone, they are impossible to break, so our security is much better.
In addition, users of Twitter Free will also be able to use another even more secure security measure: the security keys. In this way, we can use devices like Google Titan or Yubikey as double authentication systems to start a session in these social networks.
Obviously, Elon Musk had two clear intentions when eliminating this function: save money and force users to make their accounts more secure. And, if you want insecurity, you will pay less for Twitter Blue.