SMS-Based 2FA Will Be Limited to Twitter Blue Users

SMS-Based 2FA Will Be Limited to Twitter Blue Users

Twitter will now charge for 2FA, limiting the must-have security feature to only Twitter Blue subscribers.

Twitter users have until March 19th to disable SMS-based 2FA from their accounts, as the company is displaying a message stating that, “To avoid losing access to Twitter, remove text message two-factor authentication by March 19th, 2023.”

Twitter has announced that users who are not subscribed to Twitter Blue will no longer be able to use two-factor authentication (2FA) based on SMS. Twitter offers a total of three types of two-factor authentication methods: the other two use an authentication app or a security key.

While APT groups are exploiting Twitter for large-scale cyber-espionage campaigns, Elon Musk has a different idea to improve the platform’s security.

“While historically a popular form of 2FA, unfortunately, we have seen phone-number based 2FA be used – and abused – by bad actors,” Twitter wrote in its blog post. “So starting today, we will no longer allow accounts to enrol in the text message/SMS method of 2FA unless they are Twitter Blue subscribers.”

Users have until March 19th to disable SMS-based 2FA from their accounts and shift to an authenticator app or a security key for 2FA. On the other hand, they may buy its subscription service, Twitter Blue, which costs between $8 and $11 a month or $84 a year and adds new perks to an account, such as a checkmark next to the user’s name or the ability to edit tweets.

“After 20 March 2023, we will no longer permit non-Twitter Blue subscribers to use text messages as a 2FA method. At that time, accounts with text message 2FA still enabled will have it disabled,” Twitter says.

SMS-based multi-factor authentication is, in fact, considered the weakest type of 2FA since hackers can clone a victim’s mobile phone number to a new SIM card. This allows them to intercept the code sent through SMS.

SMS-Based 2FA Will Be Limited to Twitter Blue Users
Message Twitter displayed to on Twitter.

According to Twitter’s own transparency report from December 2021, only 2.6% of all Twitter users had enabled two-factor authentication, though the numbers may have increased since then.

To change your 2FA status on your Twitter account, you can navigate to “Settings & Privacy,” then “Security and Account Access,” then “Security,” and finally “Two-Factor Authentication” to choose between an authentication app.

  1. Twitter’s Unpredictable Path Under Elon Musk
  2. Twitter Denies Hack in 200M Account Leak Scare
  3. 400 Million Twitter Users’ Scraped Info Goes on Sale!
  4. Your Guide To Navigating Twitter Alternative Mastodon
Related Posts