What you need to know
- Twitter’s SMS-based two-factor authentication will now cost you a monthly subscription fee.
- The security feature will be restricted to Twitter Blue subscribers starting March 20.
- Accounts with SMS 2FA still enabled will automatically lose this feature after that date.
After locking some of its longstanding features, such as the blue check mark, behind a monthly subscription, Twitter will now charge you for SMS-based two-factor authentication.
The social networking platform surprised users by announcing that only Twitter Blue subscribers will be able to secure their accounts using this security option after March 20. After that date, the feature will automatically be disabled if you haven’t turned it off yourself by then.
It should be noted that disabling SMS 2FA does not automatically remove your phone number from your account.
Twitter is shutting down the SMS-based 2FA option for free users because it has seen “phone-number based 2FA be used – and abused – by bad actors.” This form of authentication is widely regarded as the least secure due to the rising cases of SIM swap attacks, which allow hackers to steal your phone number by contacting your carrier and then tricking them into activating a SIM card in their possession. When fraudsters gain control of your phone number, it’s all over for the security measures you’ve put in place for your online accounts.
Security experts have long been promoting authentication apps and security keys as more secure alternatives to SMS. However, text messages remain a popular choice among Twitter users.
According to the company’s transparency report for the period July 2021 to December 2021, almost 75% of users were using SMS for 2FA. Meanwhile, authentication apps accounted for nearly 29% and physical authentication keys represented a paltry 0.5%.
This makes Twitter’s decision to remove that option quite alarming from a security standpoint. Unless you’re paying $8 a month for Twitter Blue ($11 a month on iOS), now is the time to switch to an authentication app or a security key.
Additionally, it’s possible to enable multiple 2FA methods on your account, which is strongly recommended, especially for users in countries where Blue is not available.