Twitter reveals surprisingly low two-factor auth (2FA) adoption rate


Level 76
Content Creator
Malware Hunter
Aug 17, 2014
Twitter has revealed in its latest transparency report that only 2.3% of all active accounts have enabled at least one method of two-factor authentication (2FA) between July and December 2020.

Out of the 2.3% of all users who had 2FA enabled over this reporting period, 79.6% used SMS-based, 30.9% a multifactor authentication (MFA) app, and only 0.5% a security key.

It's also worth noting that Twitter also allows enabling multiple 2FA methods per account, making it possible to have one, two, or all three 2FA methods enabled for each account.

"In general, SMS-based 2FA is the least secure due to its susceptibility to both SIM-hijacking and phishing attacks," Twitter explains.
"Authentication apps avoid the SIM-hijacking risk, but are still susceptible to phishing attacks. Security keys are the newest and most secure form of 2FA since they include built-in protections from phishing attacks."

However, despite the meager rate of adoption, Twitter saw a growing number of users who enable 2FA to secure their accounts from hijacking attempts, with an increase of 9.1% from July to December 2020.
Twitter 2FA

Image: Twitter


Level 6
Jun 21, 2020
Well then don't hide it at first. Most people I know that uses the platform, didn't know where it was when it became available to the masses. It's only in recent years that it's not a hidden feature in the settings. Not to mention no marketing unlike most other services, companies and platforms for low-threshold security reasons etc...