Is Twitter’s Two-Layer Authentication Not Secure Enough?

To protect your digital life, adding an extra layer of protection is a great idea. Today, many digital platforms, including Facebook, Twitter and Gmail, offer two-factor authentication (2FA) and advise their users to protect their accounts with it.

But what is the point if the new solutions are just as vulnerable as the old ones were?

Well, this is a question that many Twitter users are frequently asking these days, after observing that the 2FA solution is not as secure as it seems. No matter who you are, a normal Twitter user or a celebrity like Donald Trump, if your account is in danger, it is a big bummer.

Back in 2013, Twitter announced two-factor authentication for all its users. The solution added an extra layer of protection that lets users protect their accounts even if their password is stolen, because there is another factor that must be verified to complete the authentication process.


Great idea, right? The process is great, but there is a problem with it: the second factor (SMS) is itself not secure. The flaw lies in the Signaling System 7 protocol, SS7 for short, which is what allows phone carriers to exchange traffic back and forth. That means phone operators can redirect text messages to whatever phone numbers they want.

After seeing this threat, Twitter introduced some additional ways of setting up 2FA. A user who already has access to his Twitter account via the mobile app can use something called the login code generator. The problem is that the user must already be logged in on the mobile phone; the solution is of no use if he has signed out.

The next alternative is to use a third-party authenticator app. An app like Google Authenticator generates a series of numbers on the user’s phone as a verification code. But there is again a problem: even if you have set up the authenticator app, Twitter still sends a text code to your mobile phone for verification. Deleting your mobile phone number from Twitter may be an answer to this issue.

Well, that is a different matter. Hopefully Twitter will respond to these issues as soon as possible and come back with a proper and secure 2FA method.


