The free and easy SMS two-factor authentication (2FA) to log into your Twitter account ends today.
That concerns Privacy Commissioner Michael Webster because it takes away one of the most common ways to verify who users are on their free accounts, which puts their privacy at risk.
He says, “Privacy should not be something available only to people who can pay for it. Privacy is a basic right. And while, yes, people can vote with their feet and walk away from the platform – it is disappointing to see a readily accepted free, easy to use, and easy to understand verification step is being taken out of a platform that people enjoy using.
“It’s important people know how to look after their privacy, which means being savvy about how they use social media generally because privacy breaches show no sign of slowing down.
“My office deals with privacy breaches daily and if you’re part of a breach, you’re often likely to feel it. Think about what you have on Twitter, perhaps if you have shared photos of your family; maybe you’ve expressed thoughts about colleagues, or expressed an opinion that could sink your future opportunities of getting that dream job.”
After March 20, non-Twitter Blue subscribers will no longer be allowed to use the text/message/SMS method for two-factor authentication.
Twitter said those users who remain non-Twitter Blue subscribers will have that two-factor authentication turned off.
Twitter said it has taken this step because it had seen phone-number-based two-factor authentication abused. But we are still seeing major institutions that are aware of internet safety use SMS two-factor authentication.
All social media platforms have a responsibility to their users in New Zealand and operate here under the Privacy Act, says Webster, but people need to understand they have autonomy and can make choices about how they are treated online. “Turns out you have choices – if you don’t like a social media platform’s policies you can simply leave”.
A 2021 Twitter report on account security showed that only 2.6% of active Twitter accounts had at least one 2FA method enabled, on average, over the document’s reporting time. Of those, 74.4% of users used SMS as their 2FA method, 28.9% used an authenticator app and 0.5% used a security key. The report’s writers said it should be noted that accounts could enable multiple 2FA methods, so the numbers in the report might not be specific.