With text-based multi-factor authentication (MFA) soon to be phased out, Twitter users urgently need to find alternatives, the UK’s National Cyber Security Center (NCSC) said.
The agency, which is part of GCHQ, claims MFA offers “huge benefits” to help consumers protect their online accounts by adding an extra layer of protection on top of strong passwords and password managers.
Sean D, NCSC Technical Director for Consulting and Advice, said that while text-based MFA (also known as 2FA or two-step verification (2SV)) is vulnerable to bypass, it is better than not using MFA at all.
“This feels timely as the number of phishing attempts in my personal emails has increased significantly at this time,” he added. “Phishing is one way cybercriminals attempt to gain unauthorized access to accounts, and 2SV’s setup is very effective at preventing that.”
In fact, Proofpoint claimed this week that financial losses from phishing attacks in 2022 increased by 76% year-over-year (YoY). Phishing attacks containing vishing elements peaked at 600,000 attempts per day at times last year, it added.
NCSC has instructed Twitter users to try authenticator apps such as Google Authenticator and Microsoft Authenticator.
“If a service has withdrawn support for the option of using SMS codes for 2SV, we strongly recommend replacing it with another, preferably better, 2SV method. It’s potentially vulnerable,” Sean D concluded.
“In fact, even if the service you’re using hasn’t changed the 2SV option, it’s worth checking your selection to see if you’re using the most secure type for ease of use and convenience.”
Twitter said last month that non-Twitter Blue subscribers will have until March 20th to find another MFA method, as text messages containing one-time passcodes will be turned off at that time.
The surge in SMS pumping scams is partly responsible for this decision.