I nearly fell off the bar stool (actually, it was a desk chair) when I saw the Bitdefender post about the percentage of Twitter users who have enabled two-factor authentication (2FA). It is just amazing that more users don’t configure 2FA (or MFA) to protect their accounts, especially given that 2FA typically doesn’t cost any money and is shown to stop over 99% of credential-based account attacks. Apparently, Twitter users have taken the non-compliance percentage to a new level.
According to Twitter’s own transparency report, only 2.3% of users had 2FA enabled in the second half of 2020. In other words, 97.7% of Twitter users are sending out an open invitation to have their accounts hacked. Unbelievable. Twitter offers several 2FA methods for its accounts, including text message, authentication app or security key. As Twitter stated, “Enabling 2FA ensures that even if your account password is compromised (perhaps due to the reuse of your Twitter password on other, less secure, websites), attackers will still be blocked from logging into your account without access to the additional authentication required.”