Twitter recently announced that text message (SMS) based two-factor authentication (TFA) will be disabled for users without a paid Twitter Blue subscription from March 20, 2023. The announcement has both a positive and a negative side.
In Twitter's transparency report from July 2022, it was reported that only 2.6% of active Twitter accounts had TFA enabled, and that among those, 74.4% used SMS-based TFA rather than an authenticator app or a security key.
This data shows that SMS-based authentication is the most widely used option, largely because it is the most convenient. But of the three methods Twitter offers, it is also the least secure. Read on to find out why moving to an app-based authenticator like OneAuth is better than SMS-based TFA.
To quote from Twitter's blog, "while historically a popular form of 2FA, unfortunately we have seen phone-number based 2FA be used - and abused - by bad actors."
In short, fraudsters have well-practised methods for bypassing SMS-based TFA.
Problems with SMS-based two-factor authentication:
- SIM swap attack: An attacker who persuades your mobile service provider (through social engineering or a bribed insider) to move your number to a SIM they control receives every OTP sent to that number, and can combine those codes with a leaked or phished password to take over your account.
- SMS-forwarding malware: Malicious apps that are granted permission to read your text messages can silently forward incoming OTPs to an attacker. Once that happens, a code delivered to your number is no longer under your control.
- No end-to-end encryption: SMS messages travel through carrier networks in cleartext, so an OTP can be read in transit by anyone with access to the signalling path (SS7 interception is the well-known case), not only by the intended recipient.
- Dependency on the network: SMS delivery depends on your mobile carrier, so codes may arrive late or not at all where your signal is poor or when you are travelling. Authenticator apps compute the code locally from a shared secret and the current time, so they work offline.
- Smishing: SMS phishing, where an attacker sends a message from a spoofed sender ID that looks genuine, usually containing a link to a fake login page. A smishing page can ask for your password and your SMS code and relay both to the real site within the code's validity window, so the OTP on its own does not protect you.
Losses due to smishing attacks exceeded $130 million in 2021 alone.
Ditching Two-Factor Authentication altogether is not the solution
Turning off TFA leaves your account protected by nothing but a password, which is exactly what a password breach or a phishing site captures. With TFA enabled, a stolen password alone is not enough: the attacker still needs the second factor. Authenticator apps are the best way to go for most users. (A hardware security key goes further still, because its response cannot be phished and relayed, but an authenticator app is already a large step up from SMS.)
Setting up an authenticator app is not complex. Believe us!
We'll guide you through the setup for OneAuth, the multi-factor authentication tool from Zoho. The steps are simple, and once done, you're ready and secure.
Once set up, instead of waiting for a code to arrive in your text messages after typing your password, open your authenticator app and enter the six-digit Twitter TFA code it shows. The code is generated on your phone from a secret shared with Twitter during setup and the current time, and changes every 30 seconds.
Benefits of using an authenticator app over SMS-based TFA
Common mistakes when choosing an authenticator app
Falling for a fraud authenticator
Your search for an authenticator must not end with the first result the App Store or Play Store shows you. Choosing the first app you see could land you in a trap.
An illegitimate authenticator app significantly reduces your account security. On screen it behaves like any other authenticator, but in the backend its operators harvest the secrets and account details you enrol, with malicious intent.
Other common problems include ads that may themselves deliver malware, steep charges to unlock basic features, and collection of personal or financial data that can later be used against you.
Choosing an authenticator without backup
Another common error is not checking the app's specifications. Most users never confirm whether the authenticator supports backup.
If the app doesn't support backup, you will lose access to your accounts after a mishap. The most common case is losing the device on which you configured online accounts such as your Twitter account. If you lose access to your TFA codes, you'll be locked out of your online accounts. To avoid this, check the app's specifications and look specifically for information on backup capabilities. Also store the backup codes Twitter gives you when you enable TFA somewhere safe; they are your way back in if the app and its backup are both unavailable.
To avoid other issues when choosing an authenticator app, always look at the app's rating, the number of customers who rated it, its security track record, and especially its features. If all the boxes are checked, that app is the right authenticator for you.
It's time you make the right choice
OneAuth is the secure two-factor authentication tool from Zoho for your online accounts. If you've heard of Zoho previously, you're likely aware that privacy is our priority. Since privacy for your online accounts is essential, OneAuth from Zoho is an ideal choice.
Download OneAuth now!