Users without a Twitter Blue subscription have 30 days to sign up, or they will lose their SMS two-factor authentication service.
NEW: Twitter is planning to unveil a new policy as soon as afternoon that only Blue subscribers will be able to use SMS-based 2-factor authentication, according to company sources.
— Zoë Schiffer (@ZoeSchiffer) February 17, 2023
Twitter currently offers three 2FA methods: text message, authenticator app, and security key. Although SMS verification is the most popular, the company notes that it is easy to abuse. Attackers can perform SIM swaps and intercept the messages to hijack accounts. In 2019, the account of Twitter founder Jack Dorsey was affected by a similar attack.
As of February 15, Twitter no longer lets new users enroll in verification via text message. Existing accounts without Twitter Blue have 30 days to disable this authentication method and switch to another. Starting March 20, 2FA via SMS will only be available to accounts that have purchased a priority subscription on the platform. Twitter Blue currently costs between $8 and $11 (depending on which device you use).
Effective March 20, 2023, only Twitter Blue subscribers may be allowed to use text messages as their two-factor authentication method. Other accounts can use an authentication app or security key for 2FA. Learn more here:
— Twitter Support (@TwitterSupport) February 18, 2023
Cybersecurity researcher Rachel Tobac notes that only 2.6% of Twitter users have 2FA enabled, and the vast majority of those (74%) use SMS authentication.
This Twitter 2FA change is nerve-racking because:
1. Only ~2.6% of Twitter users have 2FA on at all (it is important to allow easy account takeover)
2. Of that 2.6%, 74% use text message based 2FA (https://t.co/WXuFydZk17)
3. If they don’t pay for Blue they auto lose 2FA on 3/20.
— Rachel Tobac (@RachelTobac) February 18, 2023
Journalists at The Verge suggest that the company is putting SMS authentication behind a paywall because it has to pay to send the messages. Twitter is desperate for cash right now, and since Elon Musk took over as CEO, plans to ditch SMS entirely have been mooted. But it seems the billionaire has now found a way to at least monetize them.
Source: Mashable