How to keep your Twitter secure without giving Elon Musk any money • ClassyBuzz

Late on Friday, Twitter introduced a new policy that will remove text message two-factor authentication (2FA) from any account that won't pay for it.

In a blog post, Twitter said that it will only allow accounts that subscribe to its premium Twitter Blue feature to use text message-based 2FA. Twitter users that don't switch to a different kind of two-factor authentication will have the feature removed from their accounts by March 20.

That means that anyone who relies on Twitter sending a text message code to their phone to log in will have their 2FA switched off, allowing anyone to access their accounts with just a password. If you have an easily guessable Twitter password or use that same password on another site or service, you should take action sooner rather than later.

Twitter claims it's "committed to keeping people safe and secure on Twitter." This isn't true. Instead, you're looking at one of the stupidest security decisions made by a company playing out in real time.


It's not clear why this new 2FA policy, first revealed by Platformer's Zoë Schiffer and later confirmed by Twitter, was instituted. Since Elon Musk's $44 billion takeover, Twitter has been hemorrhaging money and staff. It's likely that the move to remove SMS 2FA was to save the company cash, given sending text messages isn't cheap. We'd ask Twitter for comment, but Musk fired its entire communications team.

Twitter justified the decision in its blog post, saying SMS 2FA can be abused by bad actors. That is true: one example is the SIM swap attack, where a hacker convinces a victim's cell provider to assign the victim's phone number to a device controlled by the hacker. By taking control of a person's phone number, the hacker can impersonate the victim, as well as receive text message codes that can allow the hacker access to the victim's online accounts. But making SMS 2FA available to only Twitter Blue subscribers doesn't make paying users any more protected from SIM swap attacks. If anything, by encouraging paid users to rely on SMS 2FA, their Twitter accounts are more susceptible to takeovers if their phone number is hijacked.

That all being said (and this is important), SMS 2FA still provides far greater protection for your accounts than not using 2FA at all. But Twitter's new policy isn't the way to encourage users to use a more secure 2FA. In fact, companies like Mailchimp take the opposite (but correct) approach by encouraging users to switch on 2FA by discounting customers' monthly bills.

The silver lining, if we can call it that, is that Twitter isn't scrapping 2FA altogether. You can still protect your account with strong 2FA without paying Elon Musk a dime.

Regardless of whether or not you have abandoned your Twitter account in favor of other, decentralized services like Mastodon and others, you'll still want to take action before March 20 to secure your account in the event that someone breaks in and starts tweeting on your behalf.

Instead of using 2FA codes sent by text message, you want app-based 2FA, which is far more secure and is as fast as receiving a text message. (Many online sites, services and apps also offer app-based 2FA.) Instead of getting a code sent to your phone by text message, you can generate a code through an authenticator app on your phone, like Duo, Authy, or Google Authenticator to name a few. This is much more secure because the code never leaves your device.


To set this up, first make sure you have your authenticator app installed on your phone. Go to your Twitter account, then go to Settings and privacy, then Security and account access, then Security. Once you're on the Two-factor authentication settings, select Authentication app. Follow the prompts carefully; you may have to enter your account password to get started. Once you're done, you will be able to log in using your password, then a code generated from your authenticator app.

Bear in mind that because this is a much more secure way of accessing your Twitter account, if you lose your phone it can be very difficult to get back into your account. That's why you should keep a record of your backup codes, which allow you to gain access to your account if you are locked out, safely stored in your password manager. You can find your backup codes in the same place you set up your app-based 2FA.
