Twitter’s 2FA Changes
By Danny Chung | Feb 20, 2023
Twitter recently announced an update on their 2FA.
Although it may sound counter-intuitive initially, but my assumption is that Twitter is pushing towards more secure methods of 2FA. Here’s my two cents:
In a recent 2022 report, only 2.6% of active users enabled 2FA. Of those users that have 2FA enabled, 74.4% were using SMS, 28.9% were using an authenticator app (such as Google Authenticator), and 0.5% were using a security key; there is overlap because a user can enable multiple 2FA methods.
My assumption is that one of three things will happen from this new approach.
1. Security and convenience are a balance. For those 75% of users with 2FA via SMS, a majority will not want to pay for Twitter Blue, and they will resort to using either an authenticator app, or a security key.
2. Users will pay for the convenience of being able to continue to use the less secure 2FA via SMS.
3. Disable 2FA altogether — perhaps due to using anything other than SMS is deemed too inconvenient.
In the end, this can really increase security if more users opt for option #1, or it will decrease security because of option #3. Let’s see how things will play out.
Although I would have loved to see the implementation of passkeys, it may be a very slow adoption rate as it is not as mainstream as yet.
Chief Technology Officer @ University of Redlands | Information Assurance & Security Management
2 年I'd like to agree, but I believe it is a push to lower costs and drive Twitter Blue subscriptions. I do agree that it is more secure to go away from SMS, which is why I wasn't too upset about the change. Just need to ensure my chosen 2fa app is backed up.