Twitter Restricts SMS-based 2FA To Twitter Blue Users – Other 2FA Will Work

Twitter has recently announced a change that baffled many users who had been using SMS-based two-factor authentication for account sign-ins. Starting March 2023, Twitter will only allow Twitter Blue subscribers to use SMS-based 2FA. Nonetheless, other multi-factor authentication methods will remain available to all users.

Going Forward, Twitter Users Cannot Use Phone Numbers For 2FA

Recently, Twitter users expressed their anger at losing access to the SMS-based 2FA feature. As it turns out, the social media giant has decided to limit SMS-based verification to paying users only.

According to a recent post, starting March 20, 2023, non-Twitter Blue subscribers will no longer be able to use their phone numbers for verifying account logins. Twitter cited the security risks associated with OTPs as its reason for restricting this service.

While historically a popular form of 2FA, unfortunately, we have seen phone-number based 2FA be used – and abused – by bad actors.

Hence, Twitter has already stopped enrolling new non-Twitter Blue accounts for SMS-based 2FA. Existing SMS-based 2FA users (non-Twitter Blue) will lose access to it after March 20, 2023, unless they subscribe to Twitter Blue.

Nonetheless, it doesn’t mean non-Twitter Blue users will have to leave their accounts vulnerable. Instead, they can switch to other authentication methods, such as authenticator apps or security keys, to ensure secure logins.

Is SMS-based 2FA Safe For Twitter Blue Users?

Maybe not – but that’s not what Twitter has advocated for, either!

In fact, Twitter’s justification for making SMS-based verification inaccessible to free users, the “abuse” of phone number verification, sounds pretty weird. Nonetheless, it does sync with the hype around the Twitter cost-cutting strategies Elon Musk proposed earlier.

During Twitter’s takeover, Elon Musk highlighted the loss of around USD 60 million Twitter had to bear due to “SMS texts”. Soon after this mention, Musk’s announcement of paid Twitter Blue checks clarified how he had decided to manage Twitter’s financial losses.

Also, it hinted at the possible changes Twitter users would experience when using their Twitter accounts with phone numbers. And now, the recent restriction of this cost-incurring SMS-based 2FA to paid subscribers sounds more like a balancing strategy than a security change.

Whatever the reason is, the fact remains that SMS-based verification is a risky authentication method. Therefore, regardless of Twitter Blue subscriptions, users should ideally consider using safer authentication techniques, like authenticator apps and security keys, across any platform they use, including Twitter.
