Changes to Twitter security feature part of larger trend in tech industry: expert

On Saturday, Twitter customers have been alerted that the social media app might be disabling a significant safety characteristic for many who don’t subscribe to Twitter Blue by March 19. The platform’s new premium service comes with a price ticket of US$8 per 30 days, and permits customers to pay for verification.

But one cybersecurity knowledgeable stated he thinks this initiative is a component of a bigger push to alter how digital accounts are protected.

“What they are removing is the SMS or text-based authentication,” Ritesh Kotak, a tech and cybersecurity knowledgeable, advised CTV News Channel on Sunday, referring to the one-time codes customers obtain by way of textual content message to entry accounts. “What they’re really promoting here is using authentication apps or security keys.”

Kotak stated different cellular verification applications are typically safer than SMS-based two-factor authentication.

The different part behind Twitter’s determination to desert two-factor authentication by way of textual content, he stated, “comes right down to {dollars} and cents.

“Every time that code gets sent via text message, Twitter actually ends up getting charged,” he defined. “Elon Musk and Twitter are claiming there’s actually fraud involved in that, where Twitter has lost about $60 million. So it’s two-fold.”

But will these adjustments make customers extra weak? The reply, Kotak stated, is sure.

“Where this becomes problematic is if you’re reusing passwords or if there’s a breach, there’s that level of protection that comes with two-factor [authentication which] won’t be there,” Kotak stated. “Post-March 19, there are going to be individuals and accounts that are going to get hacked.”

But correctly securing digital accounts goes past simply utilizing the two-factor authentication characteristic, Kotak stated, which can already expose customers to safety dangers.

“There has been a huge push within the tech industry to move away from text-based SMS verification,” he stated. “The reason for that is there are vulnerabilities, SIM swapping being one of them, numbers could be forwarded. It’s not 100 per cent secure. These authentication apps and security keys are much more secure.”

Kotak stated the tech business is transferring in direction of what’s known as a “passwordless world,” the place authenticator apps will substitute the necessity to bear in mind quite a few passwords.

“A lot of tech companies, Microsoft included, have been pushing the fact that they want you to use authentication apps, not SMS. It’s economical for them. But it’s also more secure for the user,” he defined.

The greatest safety measure, Kotak added, is to not reuse passwords. He additionally advisable enabling authentication apps akin to Google Authenticator or Microsoft Authenticator.

In phrases of future shifts in digital safety measures, Kotak warns that that is simply the beginning.

“We will see more of this,” he stated.