Twitter Users Struggle to Adapt 2FA

Written by a NortonLifeLock employee


October 4, 2021

You’ve probably heard of 2FA – and most likely why it’s important as well. If it’s the first time you’ve heard of this abbreviation, here’s a quick summary: 2FA stands for two-factor authentication. On Twitter and everywhere else where it’s used, it represents an extra layer of security for your accounts. On top of entering your password, you’ll also have to enter a security code that’s provided to you via either SMS or an additional app. By adding an additional layer of protection to your account in this way, you can make it harder for cybercriminals to access it (albeit not impossible). 

Twitter offers a 2FA option to its users and has recently released a transparency report which provides some statistics on how people on Twitter are protecting their accounts – and sadly, it’s not with 2FA.

2FA adoption remains low

According to the report, only 2.3% of all Twitter accounts had at least one method of 2FA enabled between July and December 2020, the reporting period. This is especially concerning as just last year, some pretty high-profile Twitter accounts were hacked, only to be used for Bitcoin scams. The hijacked accounts included those owned by Apple, Bill Gates, Uber and Elon Musk.

Twitter itself supports multiple types of two-factor authentication, including SMS (which sends a unique code to the phone number linked to the account), a mobile app, and a security key. Out of these three methods, the SMS option is most used at 79%, followed by the Auth App (30.9%) and the Security Key (0.5%). 



Almost 80% of accounts choose least secure 2FA method

“While any form of 2FA is much more secure than not having 2FA enabled at all, some forms of 2FA are more secure than others,” says Twitter. And sadly, this includes authentication via SMS, which is in fact the least secure method due to its susceptibility to SIM-hijacking and phishing attacks.  

Twitter continues to explain that “authentication apps avoid the SIM-hijacking risk but are still susceptible to phishing attacks. Security keys are the newest and most secure form of 2FA since they include built-in protections from phishing attacks.”

Is 2FA really more secure though?

Well, let’s draw an analogy. Owning a home security system would reduce the risk of a break-in, right? But if you have a great big dangerous-looking dog, that will also lower the risk of a break-in pretty effectively. Now, if you were to combine a home security system with that big, dangerous-looking dog, your home would become doubly difficult to break into, and therefore a less attractive target. Most burglars will seek out victims with less protection, who will be easier to rob. 

In the same way, two-factor authentication helps prevent hordes of hackers from getting into your account. Many will try to force entry and, not succeeding straight away, will turn their attention elsewhere.

What this means for you

More and more platforms are now offering better account security for their users – be it Twitter, Facebook, Amazon or PayPal. It is now up to you to make sure you use it. Even though it might seem like an inconvenience at first, it will make your accounts more secure and helps to ensure that only you can sign in. So, if you haven’t yet, enable 2FA now!

Copyright © 2021 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Alexa and all related logos are trademarks of, Inc. or its affiliates. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. and other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.