The Limited Times

Now you can see non-English news...

Twitter provides 2FA account coverage without a mobile number


Previously, Twitter users had to provide their phone number if they wanted to double-secure their account. Now the group allows two-factor authentication even without a mobile number.

In order to protect their account better against attackers, Twitter users can set up a two-factor authentication (2FA) in the future also without giving their mobile number. So far, the specification of such a number was mandatory, so that the necessary for 2FA login codes could be sent via SMS to this number. Users had criticized this requirement for some time, mainly because of security concerns.

In retrospect, SMS-based two-factor authentication could no longer be deactivated even if the second security feature was an authenticator app or a hardware security key.

The problem: With a method known as sim-swap, attackers could gain access to accounts via the SMS option, something that has happened time and again over the past few years.

In a sim-swap, the perpetrators adopt a digital identity by, for example, by ordering their victim's data from their mobile service provider to order a new sim card. So they can intercept the SMS sent two-factor authentication codes and log in to the foreign account.

Twitter became active only after hackers managed to use this method to take over the official account of Twitter CEO Jack Dorsey in August. The strangers then sent racist and vulgar tweets to 4.2 million followers via their account.

Source: spiegel

You may like

News/Politics 2019-08-31T01:49:27.686Z

Trends 24h

Tech/Game 2020-02-27T22:21:19.634Z


tech 2020/02/27    

© Communities 2019 - Privacy