With physical key support, Twitter makes hacking into accounts much more difficult

guest · Jun 27, 2018

With physical key support, Twitter makes hacking into accounts much more difficult
Now you can log in with a push of a button ... almost.
June 27, 2018
https://www.zdnet.com/article/with-...er-makes-hacking-accounts-far-more-difficult/

Buried in an announcement Tuesday, Twitter said it will now support physical security keys for login verification, making it far more difficult to break into a user's account.

Known as universal two-factor (U2F) devices, these small keyring-sized devices that you can take anywhere add an extra layer of security to supporting services. Unlike a text message code sent to your phone that can be intercepted and used, a universal two-factor keyfob requires a user to physically push a button to authorize a login.

Twitter said that in order to set up a physical two-factor key, that user's account must be associated with a mobile phone number -- another new measure that Twitter is requiring of all new accounts, the company said in a blog post.
Click to expand...

guest · Dec 2, 2020

Twitter now supports hardware security keys for iPhones and Android
December 2, 2020
https://techcrunch.com/2020/12/02/t...rdware-security-keys-for-iphones-and-android/

Twitter said Wednesday that accounts protected with a hardware security key can now log in from their iPhone or Android device.

The social media giant rolled out support for hardware security keys in 2018, allowing users to add a physical security barrier to their accounts in place of other two-factor authentication options, like a text message or a code generated from an app.
But technical limitations meant that accounts protected with security keys could only log in from a computer, and not a mobile device.
Click to expand...

Now anyone with a security key set up on their Twitter account can use that same key to log in from their mobile device, so long as the key is supported.
Click to expand...

Protecting your account on all of your devices is important. We’ve updated two-factor authentication so you can now log in with your physical security key on Android and iOS, like on desktop. More on how to set up this added security for your account: https://t.co/c7hff75zQd
— Twitter Support (@TwitterSupport) December 2, 2020
Click to expand...

guest · Jul 1, 2021

Twitter now lets you use security keys as the only 2FA method
July 1, 2021
https://www.neowin.net/news/twitter-now-lets-you-use-security-keys-as-the-only-2fa-method/

Late last year, Twitter added support for security keys in order to provide an extra layer of protection for your accounts and make it easier to sign in on Android and iOS, just like you can do on desktop. However, you needed to have another authentication method first such as SMS verification before you could make use of that security option.

That's changing now as Twitter announced today that you can use security keys as the only authentication method, without you having to turn on another two-factor authentication method. This means that you can use security keys as the only 2FA option on both mobile and the web; there's no need to add SMS or authentication code as backup.
Twitter also noted how important the new change is, especially to people who might not be able to have a backup 2FA method or does not want to share their contact number with the company.
Click to expand...

Twitter: Stronger security for your Twitter account

Keeping people safe and secure on Twitter is one of our top priorities, and we’re committed to helping people understand the security tools we offer and how to use them. Starting today, people on Twitter have the option to use security keys as their only form of two-factor authentication (2FA), which is the most effective way to keep your Twitter account secure.
Click to expand...

guest · Jul 23, 2021

Twitter reveals surprisingly low two-factor auth (2FA) adoption rate
July 23, 2021
https://www.bleepingcomputer.com/ne...singly-low-two-factor-auth-2fa-adoption-rate/

Twitter has revealed in its latest transparency report that only 2.3% of all active accounts have enabled at least one method of two-factor authentication (2FA) between July and December 2020.
Almost 80% of 2FA enabled accounts use SMS
Out of the 2.3% of all users who had 2FA enabled over this reporting period, 79.6% used SMS-based, 30.9% a multifactor authentication (MFA) app, and only 0.5% a security key.

It's also worth noting that Twitter also allows enabling multiple 2FA methods per account, making it possible to have one, two, or all three 2FA methods enabled for each account.

"In general, SMS-based 2FA is the least secure due to its susceptibility to both SIM-hijacking and phishing attacks," Twitter explains.
Click to expand...

However, despite the meager rate of adoption, Twitter saw a growing number of users who enable 2FA to secure their accounts from hijacking attempts, with an increase of 9.1% from July to December 2020.

The low rate of 2FA adoption is an industry-wide issue, with users being discouraged by the overly complicated and non-intuitive procedure they need to go through to enable it.

"Overall, these numbers illustrate the continued need to encourage broader adoption of 2FA, while also working to improve the ease with which accounts may use 2FA," Twitter added.
Click to expand...

guest · Oct 27, 2021

Twitter employees required to use security keys after 2020 hack
October 27, 2021
https://www.bleepingcomputer.com/ne...equired-to-use-security-keys-after-2020-hack/

Twitter rolled out security keys to its entire workforce and made two-factor authentication (2FA) mandatory for accessing internal systems following last year's hack.

The company migrated all of its employees from legacy 2FA using SMS or authenticator apps to security keys in less than three months, according to Twitter's Senior IT Product Manager Nick Fohs and Senior Security Engineer Nupur Gholap.

"Over the past year, we've accelerated efforts to increase the use of security keys to prevent phishing attacks," they said.
"We've also implemented security keys internally across our workforce to help prevent security incidents like the one Twitter suffered last year."
Click to expand...

After the July 2020 hack, Twitter revealed that the attackers took control of dozens of high-profile accounts after stealing Twitter employees' credentials following a phone spear-phishing attack on July 15, 2020.
Click to expand...

Twitter: How we rolled out security keys at Twitter

Over the past year, we’ve accelerated efforts to increase the use of security keys to prevent phishing attacks. In June, we gave people the option to use multiple security keys to protect their Twitter accounts. We’ve also implemented security keys internally across our workforce to help prevent security incidents like the one Twitter suffered last year. This October, for #CybersecurityAwarenessMonth, we’re sharing some of our thoughts and takeaways from our efforts to deploy security keys internally at Twitter.
The rollout
As described in our previous post, security keys use the FIDO and WebAuthn security standards to provide phishing-resistent two-factor authentication (2FA). [...]
Click to expand...

Log in or Sign up

With physical key support, Twitter makes hacking into accounts much more difficult

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

Log in or Sign up

With physical key support, Twitter makes hacking into accounts much more difficult

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

Useful Searches