With Twitter, users can enable two-factor authentication without linking a phone number

Twitter users no longer need to link their accounts to a phone to prove who they are, after hackers stole CEO Jack Dorsey's number to access his account and post racist and offensive tweets

  • Twitter has updated its security settings to change its two-factor authentication
  • Users no longer have to connect their phone number to log in to their account
  • They can now use authentication apps or security keys to log in instead

Twitter has updated its security settings so that users can enable two-factor authentication without linking their phone numbers.

On the social media site, members can now use authentication apps or security keys to prevent them from falling victim to SIM swapping – a scam that cyber thieves can use to infiltrate smartphones.

The update comes a few months after hackers gained access to Twitter CEO Jack Dorsey's account by stealing his cell phone number.

Twitter rolled out two-factor authentication in 2013, after a number of high-profile hacks.

The security feature sends users a six-digit code via text every time they log in to check if they are actually who they claim to be.

However, it has become clear that text messaging is much more vulnerable than initially thought, so relying on it as a security feature can leave a window open for hackers, and Twitter now realizes this.

Users no longer have to provide their phone numbers to log in to their account.

Instead, they can use security keys, a physical device that looks like a USB stick, or the Web Authentication standard (WebAuthn) approved by the World Wide Web Consortium.

With this technology, servers can register and authenticate users using public key cryptography instead of a password. This allows servers to integrate with the strong authenticators that are now built into devices, such as Windows Hello or Apple's Touch ID.

Instead of a password, a private-public key pair (known as a credential) is created for a website.
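A simplified model of the registration and sign-in flow described above, added here as an illustration and not taken from Twitter or from the WebAuthn specification. The `Authenticator` and `Server` classes, the `example.test` origins and the user name are constructed for the example, and the real protocol's message formats are omitted.

```javascript
const crypto = require("crypto");

// Bytes that get signed: the challenge plus the origin the browser reports.
function clientData(origin, challenge) {
  return Buffer.from(JSON.stringify({ origin, challenge: challenge.toString("base64") }));
}

// Simplified security key: one key pair per origin; private keys never leave it.
class Authenticator {
  constructor() { this.keys = new Map(); }
  register(origin) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
    this.keys.set(origin, privateKey);
    return publicKey; // only the public key goes to the server
  }
  sign(origin, challenge) {
    const key = this.keys.get(origin);
    if (!key) return null; // no credential for this origin, e.g. a look-alike site
    return crypto.sign("sha256", clientData(origin, challenge), key);
  }
}

// Simplified server ("relying party"): stores public keys, issues one-time challenges.
class Server {
  constructor(origin) { this.origin = origin; this.users = new Map(); this.pending = new Map(); }
  enroll(user, publicKey) { this.users.set(user, publicKey); }
  newChallenge(user) {
    const c = crypto.randomBytes(32);
    this.pending.set(user, c);
    return c;
  }
  verify(user, signature) {
    const c = this.pending.get(user);
    this.pending.delete(user); // a challenge is accepted once
    const pub = this.users.get(user);
    if (!c || !pub || !signature) return false;
    return crypto.verify("sha256", clientData(this.origin, c), pub, signature);
  }
}

function demo() {
  const key = new Authenticator();
  const site = new Server("https://example.test"); // constructed origin
  site.enroll("alice", key.register("https://example.test"));
  const sig = key.sign("https://example.test", site.newChallenge("alice"));
  const genuine = site.verify("alice", sig);
  const replayed = site.verify("alice", sig); // challenge already consumed
  const phished = site.verify("alice", key.sign("https://examp1e.test", site.newChallenge("alice")));
  return { genuine, replayed, phished };
}
```

Unlike a six-digit SMS code, nothing in this exchange can be read off a phone and typed into another site: the server holds only a public key, and a signature is valid only for the origin and challenge it was made for.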

Brian Wong, a Twitter software engineer, said, "Among our 2FA options, security keys stand out as one of the strongest due to their low friction and phishing-resistant capabilities."

"The WebAuthn API provides strong browser-to-hardware-based authentication using devices such as security keys, mobile phones (NFC, BLE) and other built-in authenticators such as TouchId.

"The underlying edits of the WebAuthn standard authenticate users by exchanging user data using public key cryptography."

The change comes about two months after Twitter CEO Jack Dorsey's own account was hacked.

On August 30, a series of offensive tweets and retweets appeared on Twitter and remained on the CEO's page for about 15 minutes.

Tweets from the Dorsey account during the period include repeated use of the word 'n****r' along with occasional use of 'b***h'.

There were countless tweets that gave shoutouts to different people, but did not tag accounts

Twitter Communications tweeted that they were investigating what happened to the 'compromised' Dorsey account, but security experts suggest it was a SIM swapping hack.

An additional tweet also claimed that if people didn't follow one specific account, Twitter headquarters would inflate ''.

A note was included in the retweets about the 'booty' of James Charles and another claim that 'nazi-germany did nothing wrong'.

'Do not include my s**t @plugwalkjoe/@percocet/@99 u bare skeleton clog,' said the suspected hacker in the last tweet before Jack reclaimed his account.

The tweets and retweets were quickly removed from the Dorsey account, and all accounts that were retweeted were suspended.

Twitter Communications tweeted that they were investigating what happened to Dorsey's account.

Although Twitter has not confirmed this, security experts believe it was a SIM swap hack, a type of account takeover fraud that typically targets a weakness in two-factor authentication and two-step verification, where the second factor or step is a text message (SMS) or call to a mobile phone.
