The newest weird transfer of Elon Musk’s Twitter possession weakens the safety of hundreds of thousands of accounts. On February 17, Twitter introduced plans to cease folks utilizing SMS-based two-factor authentication to safe their accounts—except they begin paying for a Twitter Blue subscription. Nevertheless, there are safer, free, and simpler methods to proceed defending your Twitter account with two-factor authentication.

Two-factor authentication, also called 2FA or multi-factor authentication, is without doubt one of the best methods to defend your on-line accounts from being hacked. When logging in to a web site, app, or service, 2FA requires you to log in utilizing your username, password, after which confirm that login is genuine utilizing one other piece of data. Mostly, this entails coming into a brief code that’s generated or despatched to you in real-time.

This second piece of data helps to show that the particular person logging in is definitely you. Whereas billions of passwords have been compromised on-line, the 2FA code is usually delivered to or created by the system that’s in your pocket. Having any form of two-factor authentication turned on is best than none. Nevertheless, it isn’t completely foolproof. For years, safety researchers have warned that SMS-based two-factor authentication isn’t as safe as different 2FA choices.

That’s as a result of SIM-swapping assaults, the place telephone numbers are compromised by attackers, letting criminals entry 2FA messages and break into accounts. Put merely: utilizing one other 2FA possibility, even whether it is barely much less handy, is the best choice.

In its announcement, Twitter mentioned folks have 30 days to show off SMS-based 2FA and transfer to a different possibility. It mentioned the system had been abused by “unhealthy actors” prior to now. On March 20, Twitter will “disable” utilizing textual content messages for two-factor authentication—except you pay for the privilege. Folks have already began seeing pop-ups telling them to “take away textual content message two-factor authentication” earlier than this date. 

Nevertheless, Twitter’s announcement has baffled, confused, and angered safety researchers. They are saying eradicating SMS-based 2FA only for individuals who don’t pay for Twitter Blue doesn’t make any sense and can weaken folks’s safety if they don’t transfer to a different 2FA possibility. Right here’s what it’s best to do to maintain your account safe.

Use an Authenticator App or Safety Key

As an alternative of turning 2FA off in your Twitter account, there are two higher choices: authenticator apps and safety keys. They each work utilizing the identical ideas as SMS-based 2FA. To allow both of those alternate options you will want to go to Twitter, open its Settings and privateness, then Safety and account entry, Safety, and at last Two-factor authentication. (Or simply click on right here if you’re logged in). Right here you’re going to get the choice to make use of two-factor authentication by way of an app or utilizing safety keys.

As an alternative of sending your six-digit authentication code by way of SMS message, authenticator apps are continuously producing the codes themselves and are synced with the companies you utilize. Authenticator apps listing all of the web sites you may have registered with them and show the codes it’s good to enter to login. These codes refresh each 30 seconds. Every time it’s good to log in to a web site or app, you go to the authenticator app after coming into your username and password to get the authentication code, as a substitute of ready for a textual content message. (It’s significantly useful in case your telephone doesn’t have connectivity for some motive).