Twitter announces that the social network's 2FA service can now be used without entering a phone number.
The security team of the Twitter announced last Thursday (21/11), the availability of a new feature that allows users to enable authentication in two factors, without the need to enter the phone number. THE two-factor authentication (2FA) has become increasingly popular over the last few years. Unfortunately, today only one password is no longer enough to keep the security of your internet user accounts out.
One of the most popular forms of 2FA, that via SMS. This form of two-factor authentication consists of, after the user has entered his login and password on the site in question, the service sends an SMS to the user with a randomly generated code. Then the user enters this code as a second password, which finally grants access to the service in question.
However, this form of 2FA has been shown not to be as safe as it sounds. After numerous cases of people who had their phones stolen, cloned numbers or were victims of SIM swap, it was quite clear that using the SMS service to send security codes to users is not the best option to do so.
Even with the clear low security level, this was still the 2FA format used by Twitter until just a few days ago. Fortunately, this security method, which can now be called obsolete, is being set aside by the blue bird social network.
From now on, Twitter's two-factor authentication will use the FIDO2 WebAuthn protocol, which supports a larger number of browsers and authenticators, and will no longer request a phone number for the feature to be enabled.
As you can see in the tweet below, the feature was officially released by the Twitter security team on Thursday (11/21), around 1 pm.
We're also making it easier to secure your account with Two-Factor Authentication. Starting today, you can enroll in 2FA without a phone number. https://t.co/AxVB4QWFA1 Twitter Safety (@TwitterSafety) November 21, 2019
I am, or was, a terrible example of a user when the safety issue, and until a few days ago I had not used 2FA on any of my internet accounts. Luckily take it and enabled the functionality on all of them. That said, I strongly recommend that you do not follow my example, and keep two-factor authentication enabled on as many accounts as possible. After all, after M happens, it's no use crying.
Looking at the user account data in our forum, Diolinux Plus, I noticed that a very large number of users are still not using the 2FA service. Then drop the laziness aside and enable two-factor authentication for as many services as you can.
Do you use 2FA in your accounts? Or is there any reason, which I don't know, that makes using this type of resource not the best option? Tell us in the comments!
For more information you can access the official post (in English) disclosing the new functionality. Do you like Linux and technology? Got a question or problem you can't solve? Come join our community in the Diolinux Plus!
This is all folks!
See an error or would you like to add any suggestions to this article? Collaborate, click here.