Twitter employees use security keys after hacking in 2020
According to Nick Vohs, the company's senior IT product manager, and Nupur Golab, its chief security engineer, Twitter made security keys available to all of its employees and enforced 2FA on internal systems after it was hacked last year.
The company switched all employees from traditional two-factor authentication using SMS or authentication apps to security keys in less than three months.
“Over the past year, we have accelerated our efforts to increase the use of security keys to prevent phishing attacks,” the company said. “We have also implemented security keys for our employees. It's about preventing security incidents like the one we saw last year.”
After the July 2020 hack, Twitter revealed that attackers had taken control of dozens of high-profile accounts following a phone phishing attack on July 15, 2020, after stealing Twitter employee data.
17-year-old Graham Clark pleaded guilty to fraud charges after planning the hacking attack and selling access to these accounts.
He later used trusted accounts on the platform belonging to companies, politicians, CEOs and celebrities to carry out cryptocurrency-related scams.
He was arrested after a joint operation by the FBI, the Internal Revenue Service, and the Secret Service.
The platform has constantly updated and improved its 2FA support over the past few years, with a clear focus on security keys as the primary method for two-factor authentication (2FA).
Security keys were first added in 2018 as one of many two-factor authentication methods on the web.
Two years later (i.e. December 2020), support was extended to accounts with two-factor authentication (2FA) enabled when logging in to the mobile app.
Twitter tries to avoid past hacks
Security key support was then updated to the WebAuthn standard, which offers secure web authentication and allows two-factor authentication (2FA) to be used without a phone number.
In 2021, the platform added support for using multiple security keys on accounts with two-factor authentication (2FA) enabled.
As of July, a security key can be used as the only 2FA method, with all other login methods disabled.
However, despite its best efforts, the company found the 2FA adoption rate to be very low: of all active accounts on the platform, 2.3% had at least one 2FA method enabled between July and December 2020.
In addition, of the 2.3% of users who had two-factor authentication (2FA) enabled in the reference period, 79.6% used SMS-based authentication, 30.9% used an authentication app, and 0.5% used a security key.
Although some well-known Twitter accounts were successfully hacked in the past year despite having two-factor authentication (2FA) enabled, after the attackers gained access to Twitter's internal management system, enabling 2FA is still necessary to guard against account takeover through phishing or SIM swapping.