If you still haven’t properly secured your Twitter account with two-factor authentication then you have one less excuse today.
Twitter has announced that you can now use third-party apps (such as Google Authenticator, Authy, or 1Password) to verify yourself at login.
We’re rolling out an update to login verification.
You’ll now be able to use a third party app for two-factor authentication instead of SMS text messages.https://t.co/UXl3xKLEaG
— Twitter Safety (@TwitterSafety) December 20, 2017
Which is great news, because previously – unlike many other online services – Twitter required you to either be capable of receiving SMS verification codes sent to your mobile phone, or to use their own smartphone app to verify a login.
Using SMS-based two-factor authentication has been frowned upon for some time, as criminals are able to exploit known weaknesses in the SS7 cellphone network to intercept text messages. In addition, there are countless malicious Android apps that are capable of capturing SMS codes as they are sent to devices, and then passing them on to account hackers.
So, hopefully you’re convinced that it makes really good sense to enable two-factor authentication for your Twitter account, and even better to do it in a way that doesn’t involve you relying upon vulnerable SMS messages.
Here’s how to enable the feature (known as Login Verification in Twitter parlance):
1. Log into Twitter at www.twitter.com from your desktop’s browser.
2. In the top right-hand corner, click on your avatar to bring up a drop-down menu. Click on Settings and privacy.
3. Under Account, choose Set up login verification
If you have not previously configured 2FA for Twitter, you (Read more...)
This is a Security Bloggers Network syndicated blog post authored by Graham Cluley. Read the original post at: The State of Security