Millions of users’ security may be at risk as a result of Twitter’s decision to make text-based two-factor authentication a feature of the Twitter Blue membership.
Twitter Blue membership gains new safety feature
Twitter is changing how it manages two-factor authentication, according to a company blog post from Wednesday that was highlighted by the microblogging service in a tweet on Friday. Notably, only premium users will be able to use text message two-factor authentication.
Three two-factor authentication methods (text messages, an authentication app, or a security key) are typically used to protect the account. The latter two will remain unchanged, while the SMS authentication option will now be available only to Twitter Blue members.
Twitter writes in a blog post that it has seen text-based 2FA “be used – and abused – by bad actors,” and that, starting from Wednesday, the company will not allow accounts to sign up for SMS 2FA unless they are Twitter Blue members.
Users of Twitter Blue who are currently using SMS-based 2FA have until March 20 to turn it off and switch to another method. Non-Twitter Blue subscribers won’t be able to use text-based 2FA after March 20, and such accounts will have 2FA turned off automatically.
Twitter's post continues: “We encourage non-Twitter Blue subscribers to consider using an authentication app or security key method instead. These methods require you to have physical possession of the authentication method and are a great way to ensure your account is secure.”
In the United States, Canada, Australia, New Zealand, Japan, the United Kingdom, Saudi Arabia, France, Germany, Italy, Portugal, Spain, India, Indonesia, and Brazil, Twitter Blue is available for purchase on the web for $8/month or $84/year, or in-app on iOS or Android for $11/month (or your local pricing).