Twitter’s transparency report revealed that users aren’t quick to adopt 2FA and once they do enable it, they choose the least secure option.
According to the data shared by Twitter in its recently released transparency report, the popular social network’s users are reluctant to adopt two-factor authentication (2FA) to bolster their account security. In fact, the report paints a pretty bleak picture considering that over the second half of 2020 only 2.3% of active Twitter accounts had at least one 2FA method enabled.
A quick refresher, 2FA also widely known as multifactor authentication (MFA), is one of the simplest ways to add an extra layer of security to your accounts. There are three classic authentication factors, often known as “something you know, something you have, and something you are”. To put it into simpler terms the first are things like passwords and PINs, the second are things like physical keys, tokens, or SMS codes, while the third is biometrics like fingerprints and face scans. So, in the unfortunate event that your password is compromised, the cybercriminals will have a tough time getting in.
Although the adoption of 2FA isn’t widespread among users, on the bright side Twitter registered an uptick of 9.1% in the number of users that had at least one 2FA method enabled. Over the years Twitter has started supporting a variety of 2FA methods, including sending a unique code via text message, using a mobile authenticator app, or using a security key.
“In general, SMS-based 2FA is the least secure due to its susceptibility to both SIM-hijacking and phishing attacks. Authentication apps avoid the SIM-hijacking risk, but are still susceptible to phishing attacks. Security keys are the newest and most secure form of 2FA since they include built-in protections from phishing attacks,” said Twitter.
If we look at the breakdown of the authentication methods favored by users that have them set up, SMS-based authentication codes are by far the most dominant option used by over 79% of accounts with 2FA enabled. Meanwhile, on the other end of the spectrum, security keys, which are considered the safest option, are used by a meager 0.5%. An interesting piece of information since Twitter recently allowed users to set security keys as their sole 2FA method.
While Twitter did concede that the adoption rate of 2FA remains relatively low, the popular social platform went on to add that it was encouraged to observe a significant increase in 2FA usage over the recent reporting period. “Overall, these numbers illustrate the continued need to encourage broader adoption of 2FA, while also working to improve the ease with which accounts may use 2FA. Making 2FA methods simpler and more user friendly will help to encourage adoption and increase security on Twitter,” the company concluded.
If you haven’t secured your account with one of the several 2FA methods Twitter offers just yet, you’d do well to do so now. And while you’re at it you can follow our recommendations on how to stay safe on Twitter and mitigate the chances of your account getting hacked.
written by Amer Owaida, ESET We Live Security