The newest weird transfer of Elon Musk’s Twitter possession weakens the security of millions of accounts. On February 17, Twitter introduced plans to cease individuals utilizing SMS-based two-factor authentication to safe their accounts—until they begin paying for a Twitter Blue subscription. However, there are safer, free, and simpler methods to proceed defending your Twitter account with two-factor authentication.

Two-factor authentication, often known as 2FA or multi-factor authentication, is likely one of the simplest methods to protect your online accounts from being hacked. When logging in to a web site, app, or service, 2FA requires you to register utilizing your username and password, then confirm that the login is genuine utilizing one other piece of data. Most generally, this entails getting into a short lived code that’s generated or despatched to you in actual time.

This second piece of data helps to show that the particular person logging in is definitely you. While billions of passwords have been compromised on-line, the 2FA code is usually delivered to or created by the machine that’s in your pocket. Having any type of two-factor authentication turned on is best than none. However, it isn’t solely foolproof. For years, safety researchers have warned that SMS-based two-factor authentication isn’t as secure as different 2FA choices.

That’s as a result of SIM-swapping attacks, the place telephone numbers are compromised by attackers, let criminals entry 2FA messages and break into accounts. Put merely: Using one other 2FA possibility, even whether it is barely much less handy, is your best choice.

In its announcement, Twitter stated individuals have 30 days to show off SMS-based 2FA and transfer to a different possibility. It stated the system had been abused by “bad actors” previously. On March 20, Twitter will “disable” utilizing textual content messages for two-factor authentication—until you pay for the privilege. People have already began seeing pop-ups telling them to “remove text message two-factor authentication” earlier than this date. 

However, Twitter’s announcement has baffled, confused, and angered security researchers. They say eradicating SMS-based 2FA only for individuals who don’t pay for Twitter Blue doesn’t make any sense and can weaken individuals’s safety if they don’t transfer to a different 2FA possibility. Here’s what it’s best to do to maintain your account safe.

Use an Authenticator App or Security Key

Instead of turning 2FA off in your Twitter account, there are two higher choices: authenticator apps and safety keys. They each work utilizing the identical rules as SMS-based 2FA. To allow both of those alternate options you will have to go to Twitter, open its Settings and privateness, then Security and account entry, Security, and eventually Two-factor authentication. (Or just click here if you are logged in). Here you’re going to get the choice to make use of two-factor authentication through an app or utilizing safety keys.

Instead of sending your six-digit authentication code through SMS message, authenticator apps are continuously producing the codes themselves and are synced with the providers you utilize. Authenticator apps checklist all of the web sites you could have registered with them and show the codes it’s essential to enter to log in. These codes refresh each 30 seconds. Each time it’s essential to log in to a web site or app, you go to the authenticator app after getting into your username and password to get the authentication code as an alternative of ready for a textual content message. (It’s significantly useful in case your telephone doesn’t have connectivity for some purpose.)