Twitter will start limiting texting for two-factor authentication (2FA) to its paid subscribers.
The change, effective starting on March 20, means non-subscribers will
have to use an authenticator app or a security key to get the added
security protection.
- Twitter Blue
subscribers will still be able to use text messaging for their 2FA
method, an extra step to verify their username and password when logging
in.
- Non-subscribers can still use 2FA but will need an authentication app or physical security key. Those users who currently have text 2FA enabled and don't subscribe will lose that ability on March 20.
- In a blog post
explaining the move, Twitter said text-based 2FA has been “abused” by
“bad actors," implying that the text method is easier to hack.
- Twitter owner Elon Musk appeared to confirm
that the reason behind the policy change is that telecommunication
companies have used bot accounts "to Pump 2FA SMS" and the company has
lost $60M annually "on scam SMS."
- Twitter charges $8 to $11 a
month or $84 a year for Blue, which comes with a blue verified checkmark
for accounts and other perks.