Twitter to now charge for text two-factor authentication
Twitter has announced that it will discontinue the option of two-factor authentication via text message for all users, and has started sending notifications to users to remove the feature, warning that failure to do so could result in loss of access to their account.
It has been revealed that this change is part of a new policy by Twitter, which requires users to either subscribe to Twitter Blue at a monthly cost of $8 on Android and $11 on iOS, or switch to a more secure method of two-factor authentication, such as an authenticator app or physical security key, before March 20th.
Twitter announced on Wednesday via a blog post that it will restrict the use of SMS authentication to only paid users of the platform.
“We have seen phone-number based 2FA be used – and abused – by bad actors,” the statement reads, using an acronym for two-factor authentication. “So starting today, we will no longer allow accounts to enroll in the text message/SMS method of 2FA unless they are Twitter Blue subscribers.”
The recent decision by Twitter to restrict the use of SMS authentication for only paid users is the latest in a series of changes that have resulted in significant disruption at the social media company since it was taken over by Elon Musk last year.
Twitter has cited abuse by malicious actors as the reason for this move, but it has sparked concern among many users about its broader implications.
Why put 2FA behind paywall?
As noted by The Verge’s Sean Hollister, one major reason that a company might limit the use of SMS authentication to paid users is the cost of sending SMS messages.
For Twitter, which has been struggling financially, this move could help generate some much-needed revenue. Moreover, it’s been reported that Elon Musk, who took over the company last year, has plans to phase out SMS authentication entirely.
However, for the time being, Twitter Blue subscribers will have the option to use SMS authentication, albeit for a fee.
Nonetheless, it’s worth noting that the use of SMS authentication is generally considered to be less secure than other forms of two-factor authentication.
Therefore, even if Twitter continues to offer SMS authentication as a paid feature, it may eventually be phased out entirely in favor of more secure alternatives.
2FA is ancient anyway…
According to cybersecurity experts, SMS authentication is one of the most basic forms of security that many people use, and it’s also one of the least secure online safety measures.
While it’s better than nothing, it’s vulnerable to a variety of attacks, including the relatively simple SIM swap. Therefore, it’s generally recommended by digital security experts to switch to an authenticator app as a more secure alternative.
As a result, even if you do have Twitter Blue, it’s advisable to move away from using SMS authentication and start using an authenticator app. There are many reputable authenticator apps available, and some password managers even include them as a feature.
By using an authenticator app, users can generate unique codes that are not tied to their phone number, making it much harder for hackers to gain access to their accounts. Ultimately, using an authenticator app provides an extra layer of security that can help protect users from cyber attacks.