Recently, Twitter revealed that its well-liked two-factor authentication (2FA) feature would only be accessible to users of Twitter Blue, its paid version of the website. As a result, the 2FA feature—which gives users’ accounts an additional layer of security—will no longer be available to free users. Instead, in order to access the feature, they will need to pay for the subscription service. Traditionally, 2FA adds an extra step to the login process by using the user’s email address or mobile number. Users must enter their username, password, and then an additional “factor,” such as a numeric code, in order to use the feature. Security experts advise using a generator app to obtain these codes, but many people choose to use SMS text messages instead.
However, SMS-based 2FA can be abused by malicious parties. Security experts are perplexed by Twitter’s decision to remove the text message-based 2FA option for free users. The decision made by Twitter is the most recent in a line of divisive policy adjustments made since Elon Musk bought the business last year. Users must pay $11 per month on Android and iOS, or less for a desktop-only subscription, in order to access the Twitter Blue features, such as a verified blue checkmark on Twitter accounts. Users who are currently enrolled in SMS-based 2FA and are not Twitter Blue members have until March 20, 2023 to change to an authenticator app or a physical security key. After that date, Twitter stated that it would stop supporting text message-based 2FA for users who are not Twitter Blue subscribers.
Turning off text-based 2FA does not immediately separate the phone number from the Twitter account. Only 2.6% of Twitter’s active users in July 2022 had any type of 2FA enabled, according to a report from the social media platform. Less than 1% of these users used physical authentication keys, 75% or more used the SMS version, and 29% or more used authenticator apps. Security professionals have stressed that using SMS-based 2FA is preferable to not enabling a second authentication factor. But tech behemoths like Apple and Google have gradually removed the SMS-based 2FA option and moved users to other types of authentication. Researchers worry that Twitter’s new policy may confuse users and give the impression that SMS-based 2FA is a premium feature. Twitter users who use SMS-based two-factor authentication have already begun to see pop-up overlay screens advising them to completely disable two-factor authentication or switch to the authentication app or security key methods. What will happen to users who don’t turn off SMS-based 2FA by the deadline is not yet known.
According to Twitter’s blog post, for users who have not changed their settings before March 20, two-factor authentication will be turned off. The in-app message to users, however, makes it appear that those who still have SMS-based 2FA enabled on March 20 will have their accounts locked. Many users and security professionals are baffled by Twitter’s decision to restrict 2FA to paid subscribers. While the change might make paid subscribers’ security better, it might make free users more susceptible to cyberattacks. Twitter users must take action to switch to an authenticator app or a physical security key before March 20, 2023, or they risk losing access to their accounts.