Twitter Introduces Security Keys for Phishing Prevention
In the digital age, where cybersecurity is paramount, major tech companies are taking significant steps to enhance the security of their users' accounts.
Twitter has led the charge, sending security keys to over 5,500 of its employees worldwide. These keys, which adhere to the FIDO and WebAuthn standards, distinguish legitimate websites from malicious ones and robustly block phishing attempts, providing a more secure alternative to SMS-based two-factor or one-time passcode verification. The move follows the 2020 attack, in which a teen hacker managed to access numerous celebrity Twitter accounts by employing social engineering and bypassing the two-factor authentication used by Twitter employees, and it aims to prevent future spear-phishing incidents.
Twitter announced in August 2021 that it had migrated all employee accounts from legacy security methods to mandatory use of security keys in less than three months. The company is using a combination of YubiKey 5 NFC and 5C NFC keys, which support laptops over USB and Android and iOS mobile devices over NFC.
Google has also been at the forefront of enhancing security, announcing a program to safeguard 10,000 high-profile users through its Advanced Protection Program. The program is designed to protect users like human rights activists, journalists, elected officials, and political campaigns.
Amazon, too, is joining the fray, offering free security keys to certain AWS account holders who spend more than $100 per month. The company is also providing its users with the same security training that it provides to its employees. Amazon announced this initiative during the White House cybersecurity meeting.
The importance of these measures is underscored by the words of Sean Ryan, senior analyst at Forrester, who considers passwords the "lowest common denominator of secure access," as hackers can easily hack, steal, or purchase them on the Dark Web.
Microsoft Azure Active Directory is also working to eliminate passwords and use security keys to reduce the risk of phishing attacks. This shift towards more secure authentication methods is a welcome development in the ongoing battle against cyber threats.