Twitter Abandons SMS 2FA For Non-Blue Users Today, How To Secure Your Account For Free
Twitter has made a lot of changes under Elon Musk, many of which have been unpopular with its users. The latest one continues the trend. Starting today, non-paying users can no longer use SMS two-factor authentication. There are other ways to secure your free account, but forcing users to turn off vital security features is not a good look.
There was a backlash when Twitter announced this change last month, but the company is going ahead with it anyway. Previously, SMS was the default setting for two-factor authentication (2FA) on Twitter. For each login, Twitter would send a text message to the user's phone with a temporary code to confirm account access.
The company claims that it has seen "bad actors" abuse SMS-based 2FA, but the blog post didn't go into details. Twitter's solution to that problem is to limit SMS 2FA to Twitter Blue subscribers. The $8 per month service also includes tweet editing, higher word count, and an increasingly meaningless blue checkmark. Musk also promises more features in the future like higher algorithm placement and fewer ads.
Over the last few weeks, Twitter has been nagging free users who have SMS two-factor enabled, reminding them they will no longer have 2FA starting March 20th. As we've seen time and time again, passwords aren't enough to secure online accounts. That's why Twitter's decision to disable SMS 2FA on a huge number of accounts feels so shady. Could the supposed abuse of SMS 2FA be so bad that it makes more sense to disable the feature? Perhaps the stated reason is just a cover for yet another cost-cutting move at the struggling social network.
Thankfully, SMS 2FA is not the only option to increase account security. It is, however, the easiest. SMS codes are quick and require no setup or management on the user's side – you just log in, and the SMS appears. You can use a physical security key or an authenticator app (e.g. Google Authenticator or Authy) to accomplish the same thing with a free account, but losing your key or paired phone could mean being locked out of your account. If you go this route, make sure you keep your backup 2FA codes in a safe place.