Security Twitteratti: Twitter's 2FA does sweet FA for biz

Security-watchers don't appear overly impressed with Twitter's introduction of two-factor authentication (2FA) to its service. While some infosec experts welcomed the move, others argued that while it might help protect the accounts of individuals, it is ill-suited to the safeguarding of shared accounts of organisations - many …

COMMENTS

This topic is closed for new posts.

sweet FA then

Have that many corporate accounts been compromised, or is that just the excuse when they are caught saying things that they regret?

2FA only when changing login method

I thought most 2FAs came into action only when you log in via a non-recognised machine, basically you didn't have a cookie set. I didn't think it required the 2FA every time you log in, that would be very irritating for something that is not top secret. So it's not really a problem for corporate accounts. Just requires the "phone owner" to pass on the 2FA when users are given their new corporate laptop/blackberry/etc. Not such a palaver after all.

I'll be thick

https://twitter.com/regvulture

When you tweet to regvulture you tweet to @regvulture

So now you become

https://twitter.com/@regvulture

at which point your staff become

tom@regvulture

dick@regvulture

harry@regvulture

Now you have differentiated the names you can SMS them their different 6 digit second stage authentication numbers.

You wait for a bus and then 6 come along at once

The problem as I see it (as an ordinary plebeian user) is that more and more services are now jumping on the 2FA bandwagon. This isn't a problem in itself, and I got quite excited when Twitter announced the new option; gosh, maybe I could even use one of the 2 2FA devices I now possess. But noooo. It has to be SMS, so my phone becomes a key part of my Twitter experience and it now becomes important not to lose it or stray out of a signal area. No mention of fallback codes that I can keep in my wallet.

And of course, if I was a conspiracy theorist I'd say how uncomfortable I was with people I've never met being able to link my phone number with my Twitter account: not that I've anything to hide of course..
