Newcomer II

We need your phone number to "Secure" your account

So Twitter has decided to utilize numbers we gave for 2FA for marketing purposes.  

 

How do we think this will impact trust issues that the general public has with security controls that are supposed to protect?

1 Solution

Accepted Solutions
Advocate II

Re: We need your phone number to "Secure" your account


@Huntington wrote:

So Twitter has decided to utilize numbers we gave for 2FA for marketing purposes.  

 

How do we think this will impact trust issues that the general public has with security controls that are supposed to protect?


Chris,

Given the current state of available two-factor authentication tools, use of SMS text messaging or automated audio call-back for transmission of one-time passwords as a real-time second authentication factor is almost essential for secure identification and access management (IDAM) to remote accounts. Thus, yes, the system administrators do often truly need a telephone number from each account holder. The issue here is trust; can we trust the service provider (Twitter, in this case) to live up to their published privacy policy, and to properly silo account management data from all of the other data collected for targeted advertising purposes?

 

I'd suggest that for both Twitter and Facebook, we have plenty of evidence to answer the question with a resounding NO.  I have my doubts about Google, but have, so far, seen no reports of evidence to dump them into the same bucket. This report simply adds to the pile of evidence that Twitter, like Facebook, can never be trusted to keep their word on protection of data or compliance with their own published privacy policy. 

 

As far as whether this will erode public trust in Twitter? Repeated evidence from a variety of trust fails and data breaches indicates that there will be no impact at all on public trust in Twitter. So sad.

 

Suggested reading:

Ten Arguments for Deleting Your Social Media Accounts Right Now.

by Jaron Lanier.

 

Craig

 

 

 

Dr. D. Cragin Shelton, CISSP
Dr.Cragin@iCloud.com
https://CraginS.blogspot.com/
My Community Profile
My LinkedIn Profile
3 Replies
Newcomer II

Re: We need your phone number to "Secure" your account

This is extremely sad. We're consistently being told to promote 2FA for enhanced security and this ends up being abused. I have long felt a hypocrite as I do promote 2FA but at the same time I would never promote giving your phone number to social media companies such as Twitter, LinkedIn, Facebook, etc. So, where do we stand?

 

The whole situation is pathetic. In my opinion, such blunders should not be forgiven and companies should be taken to account on a criminal level. A data breach label and associated fine just doesn't have enough impact. Companies get away too easily with data breaches. Millions of people are affected with no recompense whatsoever!

 

Contributor III

Re: We need your phone number to "Secure" your account

There's an argument that these schemes aren't even a strong 2FA.  We had offers from the big tech companies to re-identify customers who have anonymously used our services.  You have to wonder just how many data points they're collecting, possibly without consent, to enable that.  

 

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP M.Inst.ISP