Twitter no longer makes two-factor protection of a user account at login depend solely on a cell phone number. Two-factor authentication (2FA) now also works with an authenticator app on a smartphone or a special USB stick on the computer.
Until now, the only option was to receive login codes via SMS, which had to be entered in addition to the password. The chosen 2FA method must always be activated in the settings of the Twitter account before it can be used to log in.
Recurring Trouble With Cell Phone Numbers and SMS
Many Twitter customers had not used the SMS authentication method because of security concerns. Attackers have often managed to order a replacement SIM card from the provider in their victim's name, copy the victim's SIM card, or intercept a card that had been ordered. They could then send an SMS to Twitter to request a code to reset the password and take over the victim's account.
The various 2FA options are based on web authentication. The responsible standardization body has officially made this authentication method an Internet standard. Authenticator apps, U2F USB sticks, and biometric login methods such as fingerprint sensors are referred to as identification components. Web authentication can be used not only for 2FA but also for password-free login to online services.
With the Tailored Audiences advertising program, companies can upload marketing lists containing customer data to Twitter and show advertising to all Twitter users whose phone number or email address is stored both on Twitter and on the marketing list. However, personal data was not passed on to external companies, writes Twitter. According to the statement, Twitter cannot say how many users are affected. “We very much regret this and are taking steps to ensure that we do not make such a mistake again,” writes Twitter.