Beware rogue 2FA apps in App Store and Google Play – don’t get hacked!


Recently, Twitter said that it no longer believes SMS-based two-factor authentication (2FA) to be secure enough. Using 2FA without SMS entails either a hardware token, such as a YubiKey, that handles the cryptographic portion of verifying your identity, or an app that generates a secret “seeded” sequence of one-time codes.

Ironically, as we pointed out last week, the “top tier” Twitter users—those who pay for a Twitter Blue badge to increase their reach and enable them to send longer tweets—are the users for whom you’d think this change would be most significant. These pay-to-play users will be permitted to continue using text messages (SMSes) to receive their 2FA codes.

