Twitter has announced that it will limit the use of SMS-based two-factor authentication (2FA) to Blue subscribers.
“While historically a popular form of 2FA, we have unfortunately seen phone number-based 2FA abused and abused,” the company said. Said.
“Unless you are a Twitter Blue subscriber, we will no longer allow your account to register for text message/SMS methods of 2FA.”
Twitter users who have enrolled in SMS-based 2FA but not Blue will have until March 20, 2023 to switch to alternative methods such as authenticator apps or hardware security keys.
After this cut-off date, the option will be disabled for non-Twitter Blue subscribers.
Alternatively, “you must physically possess the authentication method, which is a great way to keep your account secure,” Twitter said.
Given that SMS is the least secure form of 2FA, modern enforcement may force people to move to more secure forms of authentication.
according to Twitter’s own data, only 2.6% of all active accounts have enabled at least one form of 2FA. SMS accounted for 74.4%, followed by authenticator apps (28.9%) and security keys (0.5%).
