Twitter makes text message-based two-factor authentication exclusive to Blue subscribers
What's the story
Twitter has disabled text-based two-factor authentication (2FA) for all the users who do not have a Blue subscription.
In its blog post, the social media platform said this has been done to prevent improper usage of the feature.
The text-based 2FA will become exclusive to Blue subscribers starting March 20. It won't remain available even to legacy-verified accounts.
Context
Why does this story matter?
Twitter has changed a lot since Elon Musk's takeover. The platform now seems to be steadily making some features exclusive to Blue subscribers in a bid to attract more users and raise revenue.
However, the latest change is reportedly a result of spammers abusing the feature. Although, Twitter didn't elaborate on the exact reason behind this move.
Details
What is Twitter 2FA feature?
Twitter's 2FA is an additional layer of security provided by the social media platform.
In addition to entering a password, 2FA asks users to enter a code or use a security key.
With this additional step, Twitter ensures that only you can access your account.
Following the activation of this feature, you require a secondary code/login confirmation/physical security key, along with your login credentials.
Twitter Post
Take a look at the official announcement
Effective March 20, 2023, only Twitter Blue subscribers will be able to use text messages as their two-factor authentication method. Other accounts can use an authentication app or security key for 2FA. Learn more here:https://t.co/wnT9Vuwh5n
— Twitter Support (@TwitterSupport) February 18, 2023
Scenario
Text-based two-factor authentication will become exclusive to Blue users
Twitter currently provides three methods of two-factor authentication: text message, authentication app, and security key.
In its blog post, the platform said that the phone number/text-based 2FA has been long abused by bad actors.
Hence, this method will be made available only to Blue subscribers. From February 15, Twitter disallowed non-Blue users from enrolling in the text message/SMS 2FA method.
Twitter Post
Twitter users showing disappointment on Twitter itself
What pic.twitter.com/LjjoNX3wQQ
— Peter Yang (@petergyang) February 18, 2023
Plan
Non-Blue accounts have 30 days to disable the feature
Non-Blue users who have already signed up for the text-based 2FA will have 30 days to disable their enrollment and switch to another method (like authentication app/security key).
The company said, "After 20 March 2023, we will no longer permit non-Twitter Blue subscribers to use text messages as a 2FA method."
Accounts with this method still enabled will have it turned off automatically.
Condition
Not many use two-factor authentication
According to Twitter's transparency report from 2021, only 2.6% of Twitter users had two-factor authentication enabled.
Nearly 74.4% of these users opted for the text-based authentication method. Only 28.9% of individuals used authenticators, and just a tiny fraction (0.5%) of people used security keys.
Following Twitter's latest move, users having 2FA via SMS enabled will have to change their log-in authentication method.
Official
Twitter is asking non-Blue accounts to use other authentication methods
The text-based 2FA will soon become a paid feature, which will only be available to Blue subscribers.
"We encourage non-Twitter Blue subscribers to consider using an authentication app or security key method instead," the company wrote in a blog post.
"These methods require you to have physical possession of the authentication method and are a great way to ensure your account is secure."