On Friday night, Twitter announced that effective March 20th, they will no longer allow people to use SMS-based two-factor authentication (2FA), unless they subscribe to Twitter Blue. They wrote in a blog post that phone-number-based 2FA has been used – and abused – by bad actors.
Those who are not enrolled in Twitter Blue can still use an authenticator app or a security key for 2FA. However, if they are currently using SMS to authenticate their accounts, they have 30 days to switch before it is disabled.
SMS-based multi-factor authentication is considered the weakest form of 2FA because attackers can clone a victim’s mobile phone number and intercept the SMS 2FA code when it is sent.
To combat this problem, Twitter has decided to put the feature behind Twitter Blue, its subscription-based service ($8 per month), alongside features such as the ability to edit tweets and other related options, although so far these have largely been vanity options like blue checkmarks rather than crucial security features.
CEO Elon Musk framed it as a cost-cutting measure, stating on his own platform that “Twitter is getting scammed by phone companies for $60M/year of fake 2FA messages”.
Authentication apps or security keys offer stronger protection against these malicious third parties than codes sent via SMS alone, which can be intercepted easily.
Public reaction to the change has been mixed. Some feel it is necessary, while others disagree because many individuals find text-message-based two-factor authentication, now offered only through Twitter Blue at a monthly subscription rate, more convenient than the other methods.
Those already enrolled in Twitter Blue should have little to worry about regarding authentication, but new subscribers must keep in mind that free text-message-based verification will no longer be available once this policy change takes effect after 20th March.
The decision ultimately comes down to whether customers think extra levels of protection not available through smaller budget plans are important enough to warrant subscribing and buying into the additional layers of security provided through the higher-level plans offered under Twitter’s paywall service.
To use 2FA on your Twitter account, go to Settings & privacy > Security and account access > Security > Two-factor authentication. Here, you can select an authentication app or security key to activate 2FA.