Published Feb. 19, 2023 2:54 p.m. ET
Click to Expand
On Saturday, Twitter users were alerted that the social media app will be disabling a major security feature for those who do not subscribe to Twitter Blue by March 19. The platform’s new premium service comes with a price tag of US$8 per month, and allows users to pay for verification.
But one cybersecurity expert said he thinks this initiative is part of a larger push to change how digital accounts are protected.
“What they are removing is the SMS or text-based authentication,” Ritesh Kotak, a tech and cybersecurity expert, told CTV News Channel on Sunday, referring to the one-time codes users receive via text message to access accounts. “What they’re really promoting here is using authentication apps or security keys.”
Kotak said other mobile verification programs are generally more secure than SMS-based two-factor authentication.
The other component behind Twitter’s decision to abandon two-factor authentication via text, he said, “comes down to dollars and cents.
“Every time that code gets sent via text message, Twitter actually ends up getting charged,” he explained. “Elon Musk and Twitter are claiming there’s actually fraud involved in that, where Twitter has lost about $60 million. So it’s two-fold.”
But will these changes make users more vulnerable? The answer, Kotak said, is yes.
“Where this becomes problematic is if you’re reusing passwords or if there’s a breach, there’s that level of protection that comes with two-factor [authentication which] won’t be there,” Kotak said. “Post-March 19, there are going to be individuals and accounts that are going to get hacked.”
But properly securing digital accounts goes beyond just using the two-factor authentication feature, Kotak said, which may already expose users to security risks.
“There has been a huge push within the tech industry to move away from text-based SMS verification,” he said. “The reason for that is there are vulnerabilities, SIM swapping being one of them, numbers could be forwarded. It’s not 100 per cent secure. These authentication apps and security keys are much more secure.”
Kotak said the tech industry is moving towards what’s called a “passwordless world,” where authenticator apps will replace the need to remember numerous passwords.
“A lot of tech companies, Microsoft included, have been pushing the fact that they want you to use authentication apps, not SMS. It’s economical for them. But it’s also more secure for the user,” he explained.
The best security measure, Kotak added, is to not reuse passwords. He also recommended enabling authentication apps such as Google Authenticator or Microsoft Authenticator.
In terms of future shifts in digital security measures, Kotak warns that this is just the start.
“We will see more of this,” he said.
“What they are removing is the SMS or text-based authentication,” Ritesh Kotak, a tech and cybersecurity expert, told CTV News Channel on Sunday, referring to the one-time codes users receive via text message to access accounts. “What they’re really promoting here is using authentication apps or security keys.”
Kotak said other mobile verification programs are generally more secure than SMS-based two-factor authentication.
The other component behind Twitter’s decision to abandon two-factor authentication via text, he said, “comes down to dollars and cents.
“Every time that code gets sent via text message, Twitter actually ends up getting charged,” he explained. “Elon Musk and Twitter are claiming there’s actually fraud involved in that, where Twitter has lost about $60 million. So it’s two-fold.”
But will these changes make users more vulnerable? The answer, Kotak said, is yes.
“Where this becomes problematic is if you’re reusing passwords or if there’s a breach, there’s that level of protection that comes with two-factor [authentication which] won’t be there,” Kotak said. “Post-March 19, there are going to be individuals and accounts that are going to get hacked.”
But properly securing digital accounts goes beyond just using the two-factor authentication feature, Kotak said, which may already expose users to security risks.
“There has been a huge push within the tech industry to move away from text-based SMS verification,” he said. “The reason for that is there are vulnerabilities, SIM swapping being one of them, numbers could be forwarded. It’s not 100 per cent secure. These authentication apps and security keys are much more secure.”
Kotak said the tech industry is moving towards what’s called a “passwordless world,” where authenticator apps will replace the need to remember numerous passwords.
“A lot of tech companies, Microsoft included, have been pushing the fact that they want you to use authentication apps, not SMS. It’s economical for them. But it’s also more secure for the user,” he explained.
The best security measure, Kotak added, is to not reuse passwords. He also recommended enabling authentication apps such as Google Authenticator or Microsoft Authenticator.
In terms of future shifts in digital security measures, Kotak warns that this is just the start.
“We will see more of this,” he said.
-->RELATED IMAGES
