Colin Mc Hugo

0 %
Colin Mc Hugo
Security Engineer Manager & CEO at Quantum Infinite Solutions Group Ltd.

Twitter now lets users set security keys as the only 2FA method

July 22, 2021

Now you can safe your account with a bodily safety key as your sole 2FA technique, with none further 2FA choice

In the event you’re on Twitter, now you can use a {hardware} safety key as your sole two-factor authentication (2FA) technique. Whereas beforehand the microblogging service allowed customers to make use of a safety key as one among a number of authentication elements, again in March Twitter announced that it might quickly enable bodily safety keys for use as the only real authentication technique. Holding true to its promise, it has now rolled out the characteristic for all customers who wish to double down on their account safety.

“Holding individuals secure and safe on Twitter is one among our prime priorities, and we’re dedicated to serving to individuals perceive the safety instruments we provide and the right way to use them. Beginning right now, individuals on Twitter have the choice to make use of safety keys as their solely type of two-factor authentication (2FA), which is the best solution to preserve your Twitter account safe,” reads the blog announcing the feature.

Utilizing safety keys as a 2FA technique isn’t novel to Twitter. In 2018 it launched the choice as one among a number of 2FA strategies, however that required customers to have one other type of 2FA activated as nicely, with help being initially rolled out to simply the online model. The characteristic was prolonged to the Android and iOS apps in 2020, and earlier this yr the choice to register a number of safety keys was added as nicely.

Whereas a typical piece of cybersecurity knowledge says that any sort of 2FA is best than none in any respect, {hardware} safety keys present more practical safeguards in opposition to account takeovers than significantly SMS-based 2FA. Certainly, authenticator apps have additionally been in the attackers’ crosshairs.

However, it’s particularly codes received via text messages {that a} decided cybercriminal can intercept with relative ease. Additionally, a foul actor may, for instance, divert textual content messages to a different SIM card by conducting a SIM swap attack, which entails impersonating the goal and contacting their telecom operator to persuade them that the “sufferer’s telephone” was stolen and that they’re now utilizing a brand new SIM.

“Safety keys provide the strongest safety to your Twitter account as a result of they’ve built-in protections to make sure that even when a secret’s used on a phishing website, the data shared can’t be used to entry your account. They use the FIDO and WebAuthn safety requirements to switch the burden of defending in opposition to phishing makes an attempt from a human to a {hardware} gadget. Safety keys can differentiate respectable websites from malicious ones and block phishing makes an attempt that SMS or verification codes wouldn’t,” mentioned Twitter, highlighting the variations.

In the event you haven’t enabled any 2FA strategies in your account simply but, you’d do nicely to take action instantly by following Twitter’s handy guide. And to keep away from your account getting hacked, you possibly can comply with our suggestions on how to stay safe and secure on Twitter.

Posted in SecurityTags:
Write a comment