Twitter makes SMS two-factor authentication exclusive to Twitter Blue users
Date:
Sat, 18 Feb 2023 18:30:26 +0000
Description:
Two-factor authentication isn't going anywhere but if you want to use SMS to get your codes, you'll have to pay.
FULL STORY ======================================================================
Changes are afoot at Twitter, again: the social network owned by Elon Musk
has announced that securing accounts via SMS-based two-factor authentication (2FA) is going to be an option exclusive to paying Twitter Blue users from this point on.
As per the blog post explaining the change, you won't be able to set up 2FA with SMS after March 30 unless you pay for Twitter Blue. If you currently use this method to protect access to your account, you've got 30 days to either subscribe to Twitter Blue or switch to a different 2FA method, such as an authenticator app or a security key.
"We encourage non-Twitter Blue subscribers to consider using an
authentication app or security key method instead," says Twitter in its statement. "These methods require you to have physical possession of the authentication method and are a great way to ensure your account is secure." Effective March 20, 2023, only Twitter Blue subscribers will be able to use text messages as their two-factor authentication method. Other accounts can use an authentication app or security key for 2FA. Learn more here:
https://t.co/wnT9Vuwh5n February 18, 2023 See more Pay up or switch
In its blog post, Twitter mentions abuse of the SMS 2FA system by "bad
actors" as one of the reasons behind the switch. From an Elon Musk tweet , it also seems that Twitter was losing a substantial amount of money from bot accounts abusing the SMS 2FA method.
Now if you want to stick with SMS to set up Twitter on new devices, you'll need to pay for the privilege. Twitter Blue costs $8 a month, or $11 a month if you sign up through Android or iOS, and it's also available for a whole year for $84. Amongst other perks, you can edit tweets and undo the posting
of tweets.
While it's perhaps not the worst change that Twitter has seen under Musk's stewardship, the move has kicked up a fair amount of anger on Twitter, of course from those who see it as putting one of the most crucial security measures behind a paywall. Analysis: set up two-factor authentication,
install an app
Two-factor authentication is absolutely something you should set up on Twitter, and everywhere else ( here's how ): it adds an extra level of protection that means something else is required to log into your account on unknown devices, besides a username and password (details which can be
tricked out of you or indeed leaked out online).
That "something else" can be a text message sent to your phone, but at this stage SMS is the weakest option for 2FA. Text messages can be intercepted and redirected, and it's a much better idea to install a free app on your phone
to generate an authentication code instead among the ones available are Authenticator from Google and Authy .
The weakness of SMS 2FA begs the question of why Twitter didn't just ditch it altogether but it would seem that there are still users who genuinely need this functionality. It's not clear how big this group is, but anyone still in it is now going to have to pay for the privilege of getting their 2FA codes sent over SMS.
One of the risks here is that SMS 2FA users who don't want to pay will simply switch off 2FA completely something we definitely wouldn't recommend. To
keep your account as secure as possible, get 2FA set up and use a mobile app as the authentication method, whether or not you're subscribed to Twitter Blue. Watch out, TweetDeck users Elon Musk is about to ruin your Twitter experience
======================================================================
Link to news story:
https://www.techradar.com/news/twitter-makes-sms-two-factor-authentication-exc lusive-to-twitter-blue-users
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)