175 with
Share this story
Twitter announced Friday that as of March 20, it will only allow its users to secure their accounts with SMS-based two-factor authentication if they pay for a Twitter Blue subscription. Two-factor authentication, or 2FA, requires users to log in with a username and password and then an additional “factor” such as a numeric code. Security experts have long advised that people use a generator app to get these codes. But receiving them in SMS text messages is a popular alternative, so removing that option for unpaid users has left security experts scratching their heads.
Twitter’s two-factor move is the latest in a series of controversial policy changes since Elon Musk acquired the company last year. The paid service Twitter Blue—the only way to get a blue verified checkmark on Twitter accounts now—costs $11 per month on Android and iOS and less for a desktop-only subscription. Users being booted off of SMS-based two-factor authentication will have the option to switch to an authenticator app or a physical security key.
“While historically a popular form of 2FA, unfortunately, we have seen phone-number-based 2FA be used—and abused—by bad actors,” Twitter wrote in a blog post published Friday evening. “So starting today, we will no longer allow accounts to enroll in the text message/SMS method of 2FA unless they are Twitter Blue subscribers.”
Advertisement
In a
Read more