When the concept of two-factor authentication came into the picture, people were of the opinion that it was one of the safest modes of authentication. People were given a choice of inputting either their email addresses or their phone numbers, and many chose to provide their phone numbers, as emails were always at risk of being hacked.
Thus, phone numbers were considered to be a very safe option in this entire authentication process. However, does revealing one’s phone number actually keep the user’s details secure? Well, it may not be the case. This is because there is always the danger of SIM swapping, a technique used by anti-social elements to hijack a person’s phone number and SMSes.
In SIM swapping, the mobile service provider is tricked into sending important information to a swapped SIM. This means the number is the same; however, the important messages do not reach the intended person. Instead, they are received by a different person altogether. The probability of SIM swapping is high when a user has lost his phone.
Unfortunately, Twitter had opted for a method of two-factor authentication where the user’s phone number was a mandatory requirement. However, not very long ago, it realised the threats of this technique of authentication. Thus, Twitter has updated its two-factor authentication feature, and in this latest update, the user is not required to enter his phone number.
All this while, Twitter’s two-factor authentication feature required the user to input his phone number. However, many users were not very inclined towards revealing their mobile numbers. This method of 2FA had not gone down well with many, as there was always a risk of SIM swapping. As a result, the users’ phone numbers, as well as their SMS messages, were at risk of being hijacked.
Twitter has been using this feature for quite some time now. However, the major drawback in this scenario was the requirement that the user enter his phone number. Though the user always had the choice of opting for something else, like Google Authenticator or a physical YubiKey, the user was always compelled to provide his phone number to Twitter in order to receive the security key via SMS.
Twitter has finally come up with a solution to this entire issue by dropping the requirement for the user’s phone number. This announcement was made by the security team of Twitter. The move comes after Twitter chief executive Jack Dorsey’s own Twitter account was hacked by some rogues. The miscreants apparently used the SIM swapping technique with the aid of his phone number to fetch all of his important account details.
On realising the vulnerability in providing phone numbers during the authentication process, Twitter has stepped up its safety measures. The security team has come to the conclusion that providing mobile numbers during authentication could turn out to be disastrous. Twitter users may be compromising their personal information.
According to sources, Twitter has claimed that its new method of two-factor authentication does not require the user’s mobile number at all. However, some users have claimed that they are still required to enter their numbers. Perhaps Twitter is implementing this change in phases. It is quite possible that only a few users might notice this feature at present. It could take some time before all users notice this change.