TARLAKENYO (Feb. 22, 2023) — Twitter will no longer provide two-factor authentication (2FA) through text messages for users who do not pay for a premium account.
Two-factor authentication (2FA) is a security measure that users may use to protect their online accounts beyond just a password.
Sending a code through text message or using a mobile app authenticator are two of the most often used approaches.
Saturday, Twitter’s Twitter Help account posted that from March 20, only Twitter Blue subscribers will be allowed to utilize text-message authentication.
A Message in a Bottle A reminder to disable 2FA before the deadline was sent in-app.
Elon Musk, CEO of Twitter, announced that the company’s authenticator app, which is now free, will stay free in the future.
He explained to a skeptic that Twitter was paying over £49m ($60m) per year for “false 2FA SMS messages” from phone providers that were “scamming” the company.
Twitter said “bad actors” misused the system on their blog.
If you’re not a member of Twitter Blue, they recommend trying out an alternative authentication app or security key.
You may be confident that your account is safe using these methods since they need you to possess the authentication method physically.
But security expert Rachel Tobac called the change “nerve-wracking” on Twitter, referencing a July 2022 survey from Twitter that said just 2.6% of active Twitter accounts had 2FA activated between July 2021 and December 2021.
74.4% were using the text-message method.
28.9% were using an authentication app
As Ms. Tobac put it on Twitter, “all of us in security want consumers to utilize a wonderful type of [multi-factor authentication] to safeguard their account, but auto-unenrolling customers who had signed up for SMS 2FA, because they didn’t pay, only leave them up to danger.”
But, experts have cautioned that SMS 2FA is less safe than authenticator applications.
Prof. Alan Woodward from the University of Surrey attributed its continued success to its simplicity.
“I’d prefer people utilized anything than nothing,” Prof. Alan Woodward says, which is what some individuals who aren’t as internet aware could choose to do.
Elon Musk is attempting to save costs, but discouraging two-factor authentication (2FA) for many consumers sounds like a terrible false economy in the long run.