Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security Twitter

Twitter Will Finally Let Users Disable SMS as Default 2FA Method (zdnet.com) 9

Twitter says users will finally be able to disable SMS-based two-factor authentication (2FA) for their accounts, and use an alternative method only, such as a mobile one-time code (OTP) authenticator app or a hardware security key. Until this week, this was impossible. From a report: If users wanted to use 2FA for their Twitter account, they had to register a phone number and enable the SMS-based 2FA method, even if they wished it or not. Users who wanted to use an OTP mobile authenticator app or a hardware security key, had to enable the SMS-based 2FA first, and they couldn't disable it. Even if the user chose to use a security key, the SMS-based 2FA method was still active, and exposed the account to attacks known as SIM swaps. Hackers who knew a user's password would perform a SIM swap to temporarily hijack a user's phone number, bypass SMS-based 2FA, and then take over that user's account.
This discussion has been archived. No new comments can be posted.

Twitter Will Finally Let Users Disable SMS as Default 2FA Method

Comments Filter:

Top Ten Things Overheard At The ANSI C Draft Committee Meetings: (10) Sorry, but that's too useful.

Working...