Twitter announced last month that the platform would stop offering SMS-based two-factor authentication to everyone who hasn’t subscribed to Twitter Blue. As a result, users who keep their accounts safe via SMS messages will no longer have the extra layer of security unless they are willing to pay Twitter $8 per month. SMS-based two-factor authentication requires users to enter their password and then an authentication code delivered by SMS to log into their accounts. This method helps people keep their Twitter accounts safe by making things significantly more difficult for someone who steals their account passwords.
Changing the 2FA method
Twitter has stated that the current SMS 2FA method is being misused and abused by bad actors, costing the company close to $60 million annually. Some experts support the company’s decision. They believe that the current method has many limitations, and that removing it as a free option will only benefit users’ security, because outsiders can easily track and intercept SMS messages with various hacking methods or by stealing their targets’ phone numbers. However, some have also criticized Elon Musk and the company, claiming that the move is only a poor technique to gain more blue-tick users and to increase Twitter’s revenue.
Effective March 20, 2023, only Twitter Blue subscribers will be able to use text messages as their two-factor authentication method. Other accounts can use an authentication app or security key for 2FA. Learn more here: https://t.co/wnT9Vuwh5n
— Twitter Support (@TwitterSupport) February 18, 2023
According to Twitter’s Account Security report conducted last year, only 2.6% of active Twitter users had the 2FA method activated. Of those, a vast majority (74.4%) used SMS as their form of authentication. Although SMS authentication is behind a paywall, users can still use third-party apps or a security key to authenticate their Twitter log-ins at no cost. The company has revealed in its latest blog post that the new change will be introduced on March 20. Several other experts also claim that Twitter’s new policy change has a high probability of causing confusion among users by not giving them adequate time to study the overall situation.
Securing your Twitter account
It only takes a few minutes to change your 2FA settings. First, visit the settings and support menu, either on the desktop site or the Twitter app. Then, choose “Security and account access.” From there, proceed to the security menu and follow the given instructions to get access to the 2FA page. If users attempt to add SMS as a 2FA option without subscribing to Twitter Blue, they will be requested to choose a third-party authenticator app or security key.
For mobile users, the best and most straightforward way to set up 2FA is with the help of third-party apps like Google Authenticator, Duo Mobile, and Twilio Authy. After installing any of these, open your Twitter account and visit the settings option, followed by “Security and account access.” Head to the security menu, follow the instructions to reach 2FA and choose the authentication app. The final step is to enter your password correctly and then click confirm to proceed.
5 days until Twitter auto unenrolls users who haven’t paid from the SMS 2FA that they enabled on their account. Yes, SMS 2FA users could switch to app-based MFA (or security key), but many won’t because they don’t care to, aren’t aware, or aren’t sure what this is all about. https://t.co/VkAiZZaARv pic.twitter.com/l9q8eubOQy
— Rachel Tobac (@RachelTobac) March 16, 2023
Apart from these, one of the safest approaches to logging into your accounts is to use a security key, like a Google Titan or YubiKey. These are physical devices with USB or NFC connectivity that should be plugged into a system to automatically respond to 2FA requests and log you into your account.
The company has not yet given a clear explanation of what will happen to users who don’t disable SMS two-factor authentication before the given deadline. Some state that users will be logged out of their accounts if they don’t disable 2FA before March 20. According to Twitter’s blog post, users who do not make the necessary changes before the deadline will only have their 2FA method disabled.
Overall, the new change introduced by Elon Musk and the company looks like a misguided strategy that will possibly lead to more harm than good. While there is still some confusion, most users believe that if they don’t take the necessary steps to activate their security, probably nothing will happen and Twitter will continue to function as usual. However, not adding security layers could lead to Twitter accounts being hacked, or at least becoming easier targets. Hence, every user who cares about their Twitter account will now have to reconsider their strategy and should add other security alternatives to keep their account safe and secure.
Photo credit: The feature image is symbolic and has been done by Nicoleta Ionescu.