Set as Homepage - Add to Favorites

【Jerome Deeds Archives】

Source:Creation Information Network Editor:Entertainment Time:2025-06-26 06:53:12

Adding an extra layer of security to your online accounts is Jerome Deeds Archivesa fundamental step to protect your digital life from hackers, but what's the point if the new methods are just as vulnerable as the old ones?

It's a question some Twitter users are asking after discovering that the two-factor authentication on their accounts isn't as secure as it seems.

SEE ALSO: The software that could prevent ISPs from selling your browsing history could also just make things worse

But let's back up for a second. No matter who you are, having your Twitter hacked would be a major bummer. In the case of political figures like Donald Trump, however, a hijacked account means more than just a headache — think of the havoc a fake policy pronouncement could wreak?

And so it was welcome news back in 2013 when Twitter rolled out two-factor authentication (2FA) to all of its users. This added layer of security allows users to protect their accounts, even if their passwords had been stolen, by requiring a second login credential sent via text message.

Great, right? Well, kinda.

While SMS-based 2FA does provide additional protection, there's a big problem with it. Namely, SMS itself isn't secure. A flaw in what is known as Signaling System 7 protocol (SS7) — something that allows different phone carriers to communicate back and forth — means that hackers can redirect texts to practically any number they want.

That means your SMS verification code could end up being sent directly to the cellphone of your hacker.

And this is not just theoretical. In January of 2017, reports Ars Technica, a group of criminals exploited this flaw to snatch victims' SMS verification codes and drain their bank accounts.

So, with text-based 2FA known to have a security hole so large you could drive a truck through it, Twitter helpfully introduced additional ways to set up 2FA. Users who already have access to their accounts via the Twitter mobile app can use something called a login code generator, but as this requires already being logged in on mobile it doesn't help if you're signed out.

Mashable Light Speed Want more out-of-this world tech, space and science stories? Sign up for Mashable's weekly Light Speed newsletter. By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy. Thanks for signing up!

The other method, a 3rd-party authenticator app, offers a better option. These apps, like Google Authenticator, generate a number sequence on your phone as your verification code — no vulnerable text message required.

Original image replaced with Mashable logoOriginal image has been replaced. Credit: Mashable

Problem solved, right?

Not so fast. Because here's the thing, even with an authenticator app enabled Twitter still sends out SMS verification codes. That's right, the people that have taken the extra step to secure their Twitter accounts with an authenticator app — arguably the people most concerned about having their accounts hacked — are still just as vulnerable as those who rely on SMS-based verification codes.

And this has not gone unnoticed.

Users are rightly wondering what's the point of having a 3rd-party authenticator app set up if Twitter still send out text messages with the codes.

Twitter, for its part, is staying silent on the matter.

We reached out to the company and exchanged multiple emails with numerous employees who all categorically refused to explain if there was any way to disable SMS-based 2FA verification codes while maintaining a 3rd-party authenticator app, as well as why that would be the case.

One spokesperson simply responded the company had "nothing to share on our 2FA beyond what's in our help center." To be clear, the help center does not address this issue.

What about just deleting your phone number from your Twitter account? Then it can't send you texts, right? Go ahead, but then you can no longer use the 3rd-party authenticator app.

The company, through spokespersons, also refused to comment on the SS7 exploit rendering SMS vulnerable to hackers.

Why this matters

For the average Twitter user, a text message-based verification code — despite its flaws — is a great added layer of security. However, as demonstrated by the criminals that emptied bank accounts in January, a determined hacker can bypass this security measure.

And maybe this just a bug affecting some users' accounts, and not each and every one of Twitter's users with 3rd-party 2FA apps. Twitter's refusal to discuss the matter, however, means we don't know.

For you and I, this might not be that big of a deal at the end of the day. For celebrities, politicians, and members of the Silicon Valley elite? Well, that's a different matter — and it's one that Twitter should quickly address.

Featured Video For You
This reviewer really doesn't like Starbucks' ice policy

Topics Cybersecurity X/Twitter

Previous:Ireland fines TikTok $600 million for sharing user data with China

Next:The State of PC Gaming in 2016

Related Articles
Related Recommendations
Categories
Latest Articles
Popular Articles
Hot Recommendations
Featured Column

Quick Links

The great Garfield gender debate ends after Wikipedia edit warNASA scientists flew over Antarctica and captured a gnarly worldUnlikely animal friendship blossoms when a carriageWeWork's Adam Neumann got $1.7 billion. 2,400 employees just got fired.George Takei cleverly tore through Trump's address to Congress using the power of tweetsDev Patel has a girlfriend and everyone feels personally victimisedWeWork's Adam Neumann got $1.7 billion. 2,400 employees just got fired.World Bank CEO Kristalina Georgieva has a 'Slumdog Millionaire' moment in IndiaHey Windows users, Apple still loves you (according to this job listing)Take a look at the first allGoogle Earth's 'creation tools' let you make personalized mapsMetal fetus proves that Rock 'n' Roll isn't deadIt's time to add internet slang 'ship' to the dictionaryWeWork's Adam Neumann got $1.7 billion. 2,400 employees just got fired.Just a load of animals with pancakes because humans are weirdThis is why Emma Watson avoids taking selfies with her fansAndroid flaw allowed attackers to spy on users through phone cameraSouth Dakota's antiEd Sheeran celebrated the 7Christine Blasey Ford says testimony was 'simply' her duty as a citizen No one has ever been as happy as this pug getting belly scratches 'Enjoy the tea!': Man confronts racist conversation with a nice pot of tea From RuPaul to 'Archer,' the full list of Creative Arts Emmys winners HP is buying Samsung's printer business for $1.05 billion Singapore Paralympian gets swimming gold and smashes her own world record Geoengineering is a bonkers plan, but it may be needed to tackle global warming Paralympic athlete shares epic video from centre court straight after win Donald Trump now allegedly believes President Obama was born in America What makes an antique toy worth $100,000? AirPods Safety Strap looks like a joke, but it's the help Apple needs Apple's rumored car project suffers major layoffs, report says Adorable barber shop dog just wants a little off the ears, please Nissan's new Sentra SR Turbo is the sports sedan you can actually afford Genius creates iMessage extension to bring more lyrics to your messages Giant inflatable baby on a ceiling is a modern take on the Sistine Chapel AP deletes tweet about Clinton's 'basket of deplorables' comment Let these men teach you how to smile, Hillary Clinton Why 500 Domino's stores in India are turning vegetarian next month Do the new iPhone 7 and 7 Plus live up to the hype? Transgender actress, activist Alexis Arquette has died at 47

1.504s , 10131.4921875 kb

Copyright © 2025 Powered by 【Jerome Deeds Archives】,Creation Information Network  

Sitemap

Top

Quick Links