Twitter has announced that it will restrict SMS-based two-factor authentication only to users who are subscribed to the £8-a-month Twitter Blue service from 20th March. The announcement has raised concerns for users who fail to switch over to another method of authentication (2FA) could be vulnerable to hacking attempts, potentially resulting in widespread account breaches.
On their blog they published on the 15th of February they said users have 30 days to disable this method and enroll in another (2FA). Any accounts with text message two-factor authentication (2FA) still enabled after the deadline will have it disabled. This move is linked to Twitter being “scammed” by phone companies and paying more than $60m (£49m) a year for “fake 2FA SMS messages”.
Currently Twitter provides free two-factor authentication through third-party apps and a security key, which are considered more secure than SMS-based systems. Elon Musk tweeted “Use of free authentication apps for 2FA will remain free and are much more secure than SMS”.
Secure Your Account
If you have a Twitter account, we strongly recommend you setup two-factor authentication (2FA) using an authentication app. To do this log into Twitter and select “Settings and Support” and then click “Settings and privacy”. From this set of menus click “Security and account access” > “Security” > “Two-factor authentication” and tick/enable the “Authentication app”. From here you can follow the on-screen instructions.