Effective March 20, Twitter will no longer allow people to use SMS-based two-factor authentication (2FA), unless they subscribe to Twitter Blue.
“While historically a popular form of 2FA, unfortunately we have seen phone-number based 2FA be used - and abused - by bad actors,” Twitter wrote in a Friday night blog post. “So starting today, we will no longer allow accounts to enroll in the text message/SMS method of 2FA unless they are Twitter Blue subscribers.”
Those who are not enrolled in Twitter Blue can still use an authenticator app or a security key for 2FA. But if they’re currently using SMS to authenticate their accounts, they only have 30 days to make the switch.
“After 20 March 2023, we will no longer permit non-Twitter Blue subscribers to use text messages as a 2FA method. At that time, accounts with text message 2FA still enabled will have it disabled,” Twitter says.
SMS-based multi-factor authentication is considered the weakest form of 2FA. Hackers have tricked cellular providers into cloning a victim’s mobile phone number to a new SIM card, which they put in their own phones to intercept an SMS 2FA code. But getting people to adopt multi-factor authentication has been an uphill battle for many services, and a text-based code is better than nothing.
Twitter Blue is the company’s subscription-based service; it offers features like the ability to edit tweets for $8 per month. Elon Musk, the company’s new CEO, has made a big push to boost subscribers to the service by putting some features behind a paywall. Thus far that’s largely focused on vanity options like the blue checkmarks, though, rather than security features that could put a large number of the site’s members at risk if disabled.