Only Twitter Blue users to have two-factor authentication through SMS

20 Feb 2023


Twitter blamed the abuse of 2FA through text message by ‘bad actors’ as the reason behind the latest move.

In about a month’s time, Twitter users who are not subscribed to the paid Blue service will lose access to the two-factor authentication (2FA) method that uses text messages.

Twitter confirmed last week that starting 20 March, non-Twitter Blue subscribers who want to retain 2FA on their accounts will have to choose between an authentication app and a security key, while the SMS option will only be available to paid users.

“While historically a popular form of 2FA, unfortunately we have seen phone-number based 2FA be used – and abused – by bad actors,” Twitter explained in a blogpost.

“So starting today, we will no longer allow accounts to enrol in the text message/SMS method of 2FA unless they are Twitter Blue subscribers. The availability of text message 2FA for Twitter Blue may vary by country and carrier.”

This means that accounts that are verified and have blue badges because they were deemed notable before Elon Musk took the helm will not be eligible for text message-based 2FA.

A notification on Twitter asking users to remove text message two-factor authentication.


Those users who already have SMS 2FA enabled will have to disable the feature by 20 March.

“After 20 March 2023, we will no longer permit non-Twitter Blue subscribers to use text messages as a 2FA method,” Twitter said.

“At that time, accounts with text message 2FA still enabled will have it disabled. Disabling text message 2FA does not automatically disassociate your phone number from your Twitter account.”

Users who may want to disassociate their phone number from their Twitter account can do so by updating their phone number preferences in the Help Centre.

Twitter now recommends that those who don’t have 2FA enabled consider using an authentication app or security key method – both of which require users to have physical possession of the authentication method.

Twitter Blue is a paid subscription to the platform recently launched by Elon Musk. It offers enhanced services such as a blue tick – previously reserved for accounts deemed notable – and other perks. US subscribers can now also post tweets with up to 4,000 characters.


Vish Gain was a journalist with Silicon Republic
