Featured Image Credit: M4OS Photos/AC NewsPhoto/Alamy Stock Photo
Topics: Elon Musk, Technology, Twitter, Social Media, News, Phones
Daisy Phillipson
Topics: Elon Musk, Technology, Twitter, Social Media, News, Phones
Twitter is disabling SMS two-factor authentication for most users next month, and the news has left people confused.
Elon Musk's made some huge changes to the social media platform ever since his $44 billion takeover, including, but not limited to, firing a number of top execs, bumping his posts to the top of the timeline, and, of course, the blue tick subscription service.
And now, a new move is set to come into play whereby users will no longer be able to use the text message method of its two-factor authentication login... unless, that is, you're already paying for a Twitter Blue subscription.
Advert
In a statement shared this week, the company explained: "Instead of only entering a password to log in, 2FA requires you to also enter a code or use a security key.
"This additional step helps make sure that you, and only you, can access your account. To date, we have offered three methods of 2FA: text message, authentication app, and security key."
However, while the SMS method is popular, Twitter said this has been 'used and abused by bad actors', which we're guessing means scammers?
It added: "So starting today (February 15), we will no longer allow accounts to enroll in the text message/SMS method of 2FA unless they are Twitter Blue subscribers.
"The availability of text message 2FA for Twitter Blue may vary by country and carrier."
If you're wondering what to do next, regular users have until March 20 to disable this particular feature or else it will be disabled automatically.
This doesn't mean your phone number will be automatically disassociated from your account – if you want to do this, you'll have to update your settings.
Without SMS verification, your options for secure login include either using an authentication app or a security key.
Technology blog Ghacks recommends companies like Yubico for security key products while highlighting the numerous authentication apps available such as Google Authenticator, Microsoft Authenticator and Authy.
"These methods require you to have physical possession of the authentication method and are a great way to ensure your account is secure," added Twitter.
Now, this all would make perfect sense if it was truly about ramping up security. But the question remains: why are blue tick holders still able to use this technique?
As said by Ghacks writer Martin Brinkmann: "Twitter is making the site deliberately less secure for non-Twitter Blue users who use text message two-factor authentication.
"While it is true that text messages are not secure for two-factor authentication, it is better than not using it at all.
"Some may switch to another method, but there will likely also be users who won't enable another two-factor authentication method."
He went on to suggest: "The 'abuse' argument by Twitter does not really make sense, as Twitter Blue users may continue to use text message authentication.
"It may have something to do with Twitter cutting costs everywhere to make the service profitable."
Over on Twitter, one person wrote: "Twitter paywalling the easiest, most ubiquitous form of two-factor authentication - by SMS message - is blatantly disregarding user security to get more paid blue tick revenue."
"Just got a Twitter message saying I must remove two-factor authentication as I'm not a blue tick bunny," said another.
"Soooooo.... does that mean I must open myself up to having my account hacked if I don't pay for it?"
UNILAD has contacted Twitter for comment.