- MaryGrace Lerin
Twitter's Two-Factor Authentication (2FA) Adoption Rate is Unexpectedly Low
Between July and December 2020, merely 2.3 percent of all active Twitter accounts implemented at least one kind of two-factor authentication (2FA), according to Twitter's latest transparency report.
2FA adds an extra degree of security to Twitter accounts by requiring users to log in with a security key or a code in addition to their passwords.
By ensuring that only the account owner can sign in, this blocks fraudulent takeover attempts that rely on guessing the password, using stolen information, or changing the password.
Although certain high-profile Twitter accounts were taken over last year despite having 2FA enabled, because intruders gained access to internal admin systems, users should still enable 2FA to protect themselves against amateur hacking efforts.
SMS is used by nearly 80% of 2FA enabled accounts
Over this reporting period, 79.6% of all users with 2FA enabled used SMS-based authentication, 30.9% used a multifactor authentication (MFA) app, and just 0.5% used a security key.
Notably, Twitter lets you enable several 2FA methods per account, so you can use one or all three of them.
Twitter explains that, "in general, SMS-based 2FA is the least secure due to its vulnerability to both SIM-hijacking and phishing assaults."
"Authentication apps avoid the SIM-hijacking risk, but are still susceptible to phishing attacks. Security keys are the newest and most secure form of 2FA since they include built-in protections from phishing attacks."
Despite the low adoption rate, Twitter has seen an increase in the number of users who use 2FA to protect their accounts from hacking attempts, with a 9.1% increase from July to December 2020.
Users are deterred by the extremely difficult and non-intuitive process they must go through to enable 2FA, which is a problem that affects the entire industry.
"Overall, these figures highlight the need of continuing to promote broader usage of 2FA while simultaneously working to improve the ease with which accounts may utilize 2FA," Twitter stated.
"Making 2FA methods easier to use and understand will assist to enhance adoption and security on Twitter."
Improved security against SIM-swapping attacks
Over the last few years, Twitter has been trying to enhance and strengthen the platform's 2FA functionality, with a strong emphasis on security keys as the primary 2FA mechanism.
In 2018, it implemented security keys as one of multiple 2FA options on the web, and in December 2020, it added support for using them to log in to 2FA-enabled accounts from its mobile applications.
Later, security key support was upgraded to the WebAuthn standard, which provides secure authentication over the web and made it possible to use two-factor authentication on any Twitter account that did not have a phone number.
Twitter announced support for multiple security keys for 2FA-enabled accounts earlier this year, and security keys can now be used as the sole 2FA option for Twitter accounts, with all other login options deactivated, starting this month.
To enable 2FA on your Twitter account, go to your profile menu, Settings & Privacy, Security and account access (on the desktop) or Account > Security (on iOS), and check the box next to Two-factor authentication.