Articles
5 Types of Ecommerce Fraud
Articles
10 Best Practices to Prevent Ecommerce Fraud
Articles
How Does Two-Factor Authentication (2FA) Work?
Articles
Chargeback Codes for Visa, MasterCard, Amex, and Discover
Articles
How to Fight Chargebacks
Articles
Address Verification Service (AVS) Check
Articles
E-commerce False Declines: How to Stop Turning Away Good Customers
Articles
What Is Friendly Fraud?
Articles
How Merchants Can Fight Credit Card Disputes
Articles
Influencer Insights: High-risk Merchants Are at Risk of MATCHing
Thursday, June 4, 2020

Merchant Fraud Journal

Articles
5 Types of Ecommerce Fraud
Articles
10 Best Practices to Prevent Ecommerce Fraud
Articles
How Does Two-Factor Authentication (2FA) Work?
Articles
Chargeback Codes for Visa, MasterCard, Amex, and Discover
Articles
How to Fight Chargebacks
Articles
Address Verification Service (AVS) Check
Articles
E-commerce False Declines: How to Stop Turning Away Good Customers
Articles
What Is Friendly Fraud?
Articles
How Merchants Can Fight Credit Card Disputes
Articles
Influencer Insights: High-risk Merchants Are at Risk of MATCHing

Twitter 2FA No Longer Requires Phone Number

November 24, 2019
|
No Comments
|
News

Twitter will allow users to enable two-factor authentication (2FA) without providing a SMS number, the company announced. Although the SMS option remains available, users can now also use internet browsers and authenticators. The change comes in response to user requests dating back at least a year. In addition, the recent high-profile, successful SIM-swap attack on Twitter CEO Jack Dorsey — which occurred despite the enabling of SMS-based 2fa — most likely contributed to the decision to make a change.

“Although Twitter has supported security key-based 2FA for almost a year now, the prevailing standard (FIDO U2F) supported only a limited number of browsers and authenticators, restricting the potential for widespread adoption,” the statement said. “As of today, we are replacing this with the FIDO2 WebAuthn protocol which allows support for more browsers and authenticators while also retaining all of the phishing resistant capabilities security key-based 2FA provides.”

Currently, Twitter only supports the WebAuthn web authentication standard’s physical security key. WebAuthn is approved by the World Wide Web Consortium (W3C) and works in most major web browsers including Chrome, Edge, and Firefox. It is a commonly used security measure by many in the tech industry. However, the company does plan to add additional options in the future, so users will have more choices about how to secure their account.

“WebAuthn is enabled by default and follows the same process as before when registering your security key,” the statement said. “As of today, Twitter only supports physical security key authenticators with WebAuthn, while we expect to add support for other options in the future.”

Twitter’s decision comes amidst heightened fears about the vulnerability of user data. Account takeover attacks are on the rise, with hackers using successful attacks on social media platforms — aided by poor user password hygiene — to hack into users’ other accounts across the web.

Sources:
https://blog.twitter.com/engineering/en_us/topics/infrastructure/2019/webauthn.html

Share This Article:
Tags:

Related Article

Our Sponsors

Get the 2020 Chargeback Representment Guide

chargeback representment guide

Get the 2020 Fraud Trends Report

fraud trends report

Join our Community

join the community

Our Sponsors

Stay in Touch

LINKEDIN

YOUTUBE