2FA, user security and you: Staying safe on X

October 6, 2023

According to Statista, a data gathering platform, X, formerly known as Twitter, has some 556 million monthly active users. Whether you’re an independent agent or the head of an agency, having a presence on a platform with more than half a billion active users is nothing short of essential. However, X’s dramatic rebranding introduced a whole host of questions about user security.

What’s changed?

One of the most noticeable changes that will affect user security is the platform’s approach to two-factor authentication, which is any electronic authentication method that requires two pieces of evidence that verify your identity.

Per X’s help center page about the subject, there is a notice that states: “Effective March 20, 2023, we will no longer support 2FA using text messages for non-Premium subscribers.” Instead, SMS/text message 2FA is included as a feature to those who subscribe to the platform through X Premium or Verified Organizations.

The lack of 2FA poses significant security risks: in setting up an account with X, it asks for your name, date of birth, and either your phone number or email address.

If malicious actors were to have just one of these pieces of information, it is unlikely they will get far in whatever goal they have in mind. However, all this information together could open the door to other cyber security risks—such as accessing important financial information or more personal information.

With two-factor authentication for an online account, you would require a password and second piece of information, usually in the form of a temporary code sent to you that would then be entered on the website or app you were trying to access.

Before X rolled it back, 2FA through SMS/text messages was offered for free. X has cited 2FA through SMS as being vulnerable to bad actors: that’s true, but only in a relative sense.

As explained by SecureMac, a company that focuses on providing security for Mac users, SMS 2FA can be exploited in “SIM-swapping attacks” and it doesn’t hold up when compared to alternate 2FA methods, but noted that “SMS-based 2FA” is “far more secure than the alternative of ‘no 2FA at all.’”

Possible work arounds

Now on X, the only free 2FA for users is handled through third-party applications or security keys. Setting up the former is relatively easy, but it requires that you to go out of your way and find the right authentication app for you.

Security keys have the benefit of being hardware and they are mostly inexpensive for the individual, but they may be a little daunting for more tech-adverse users, difficult to provide in scale, and they also can be lost or stolen.

If your account is compromised, you still are sent an alert by email. However, if a bad actor is just skimming your account for more information, by the time you change your password, it may be too late.

What this means for you

Maintaining a strong social-media presence is a must for any business owner in the digital age, and you deserve comprehensive security. X’s removal of SMS 2FA for free users deprives them of an easy, user-friendly way to keep their accounts safe—even if it wasn’t the best when compared to alternative 2FA.

Finally, even if you do secure your account with 2FA, specifically with X, would it even be worth it? X is running up against numerous issues, including offensive content and hate speech, potential FTC privacy violations and paid verification opening the door for impersonation.

What you need to consider is where your insureds are, and how they want you to communicate with them. Doing so on Twitter may be more difficult than it has been in the past. 

+ posts

Matt McDonough is PIA Northeast's writer, editor and content curator. Matt joined PIA Northeast in September 2023. Before that, he had been an editor for the online entertainment magazine Collider from 2021-23 as a copy editor for its lists section. Matt entered the world of journalism at his alma mater, SUNY New Paltz, writing and reporting for the college's student run newspaper, The New Paltz Oracle. He graduated from SUNY New Paltz with a Bachelor of Arts in English and a minor in Creative Writing in 2020.

Your ad could be here. ads@pia.org

Related stories…

PIANJ Golf Classic 2024 raises $66,000 to benefit Special Olympics New Jersey

PIANJ Golf Classic 2024 raises $66,000 to benefit Special Olympics New Jersey

The PIANJ and Special Olympics New Jersey 41st annual Golf Classic was held Sept. 23, 2024, at Maplewood Golf Course in Maplewood, N.J. [PHOTO CAPTION: (L-R) Former PIANJ Director Jocelyn Rineer, CIC, CLP, CIIP; PIANJ Director and Golf Co-Chair Casey Yarger, CIC, CRM; PIANJ Immediate Past President Connie Mahoney; PIANJ Director and Golf Co-Chair Walter Conroy; PIANJ President Andrew Harris, CIC, AAI, CISR; SONJ Athlete Tom Azilides; PIANJ Vice President Aaron Levine, CIC. Photo credit: Special Olympics New Jersey]

Share This