Twitter reveals 2FA use among its users

In a report covering data from July to December 2020, Twitter has revealed that most of its users do not use two-factor authentication (2FA), one of the best ways to protect a Twitter account.

The report focuses on statistics about how Twitter users protect their accounts. Anyone who knows a Twitter username may also get to know the password, since a password is nothing more than a string of alphanumeric characters. No matter how complicated you make your password, it will never give your account 100% security. For that reason, it is very important that security on our social networks is layered like an onion, and that you add layers of protection so that no one steals your account.

One more layer of protection

Using a second authentication factor is one of the layers discussed above that helps protect your account. Keeping your account safe is an important part of using Twitter. Twitter itself recommends that its users take precautionary measures to protect themselves, but in view of this report perhaps users are not trying hard enough.

The Internet is a place full of dangers. Every day some new threat appears. A few years ago the main threat was computer viruses (which used to have a joking or destructive tone); today, most of the dangers of the internet involve the theft of our data. We are our data, and we have to take care to keep it safe.

Twitter began publishing statistics about the security protections its users apply to their Twitter accounts, and this report is an example of that. Doing so provides the data that researchers and security professionals need to continue improving the security of accounts on the Internet.

What is 2FA?

Two-factor authentication (2FA) is one of the best protections to keep your Twitter account safe. Enabling 2FA ensures that even if your account password is compromised (perhaps due to reusing your Twitter password on other, less secure websites), attackers still won't be able to log into your account, because they do not have access to the device you carry with you that confirms it's you.

Twitter supports several types of two-factor authentication. These include sending a unique code to the phone number linked to an account (text message/SMS), using a mobile app to generate a unique code (authenticator app), or using a security key (the most appropriate option). Overall, SMS-based 2FA is the least secure due to its susceptibility to SIM theft and phishing attacks.

Report data

The report says that only 2.3% of Twitter accounts use 2FA. Why? There are several causes, but perhaps the fundamental one is that the user experience is poor: a wall is put in front of you, and you have to download something in order to protect your account. You have to set up a two-step process yourself to be able to use your account, and sometimes you don't have time to do it or it seems like a long process.

Figure 1. Summary of the Twitter report

In addition, Twitter uses three types of 2FA: SMS, authenticator application (auth app) and security key. The second most used factor is a text message to the phone associated with the account. However, as mentioned, this type of second factor is not the best, since the device may have been compromised by a phishing attack or a SIM theft.


100% internet security does not exist. No one can guarantee that an account you have on the internet is secure. Only last year there was a theft of Twitter accounts for a bitcoin scam that managed to bypass the entire system of user authentication (see Identity theft from verified profiles to steal bitcoins). I'm sure the majority of those hacked accounts had 2FA, and it didn't do much good if cybercriminals are able to break into the internal systems of an internet company.

It is essential to use all possible protections to keep our data safe. The more layers of protection we can put between us and the attacker, the better.

