Removal of SMS 2FA for Non-payer Twitter Accounts

 

Twitter revealed a new policy that will remove text message 2FA from all user accounts that do not pay for it. Last Friday, the social media platform wrote in a blog post that only users who subscribe to its premium Twitter Blue service will be able to use SMS two-factor authentication.

Twitter's announcement indicated that any user who does not switch to a different two-factor authentication method will have the feature removed from their account by 20 March. Therefore, anyone relying on Twitter to send an SMS-based code to their phone to sign in will find their 2FA switched off, leaving the password as the only thing needed to access the account. Users who have an easily guessable password, or who use the same password on another service or website, should act sooner to avoid surprises at a later stage.

Twitter’s Security Claims 

JustReviewed.tech writes that Twitter has always claimed to keep users safe and secure on its platform, though that does not seem to be true. Instead, users are watching one of its stupidest security decisions play out in real time. Nobody knows why the social media platform instituted the new 2FA policy, which was first revealed by Zoe Schiffer.

Twitter has been losing cash and employees since Elon Musk took over the company with a $44 billion investment. Perhaps the company decided to remove text message 2FA to save money, given that sending SMS messages is not cheap. While it may sound weird, the Tesla owner fired the entire communications team at Twitter.

The blog post by Twitter seemed to justify the decision, saying bad actors can abuse text message 2FA. It might refer to SIM swap attacks, in which hackers convince a cell provider to assign a victim's phone number to a device the hacker controls. Control of the phone number enables the hacker to impersonate the victim and receive the SMS codes that let them access the victim’s online account.

However, a Twitter Blue subscription does not protect paying users from SIM swap attacks. Because they rely on SMS 2FA, paying users’ Twitter accounts are more vulnerable to takeover if a hacker manages to hijack their phone number.

SMS Two-Factor Authentication 

Using Twitter’s SMS 2FA gives far greater protection for social media accounts than not using 2FA at all. However, with its new SMS 2FA policy, Twitter is not encouraging users to move to a more secure form of two-factor authentication.

On the other hand, tech companies like Mailchimp take the opposite, and correct, approach: they encourage you to move to two-factor authentication by reducing your monthly payments. The best part is that users can still protect their Twitter accounts with two-factor authentication without paying the company a single penny.

App-based 2FA is a more secure option to protect your accounts on social media. It works as fast as receiving an SMS on your device. Since several online sites and apps offer app-based 2FA, users can generate a code using an authenticator app, such as Duo or Google Authenticator, on their device.