Today’s the last day to switch away from Twitter’s SMS 2FA method
Illustration by Alex Castro / The VergeIf you haven’t switched away from Twitter’s SMS two-factor authentication (2FA) method yet, today’s the last day to do it. Starting on March 20th, Twitter will place its text message-based 2FA behind its...
If you haven’t switched away from Twitter’s SMS two-factor authentication (2FA) method yet, today’s the last day to do it. Starting on March 20th, Twitter will place its text message-based 2FA behind its $8 per month Blue paywall.
As part of this change, Twitter will also turn off 2FA for your account completely if you don’t switch away from SMS verification or pay for Blue before that deadline, leaving your account vulnerable to hacking. Fortunately, you can still enable 2FA for free using an authenticator app, like Google Authenticator or Authy. You can also use a security key, but this requires the purchase of an actual piece of hardware.
Twitter’s making SMS 2FA a paid feature because it’s the least secure form of authentication. This may seem counterintuitive, but it should at least steer non-subscribers away from the method, as it’s known to leave users susceptible to an attack known as SIM swapping.
This can occur when a bad actor uses social engineering or some other kind of tactic to convince your mobile carrier to reassign your phone number to their device. They can then intercept the text messages you receive, including those SMS 2FA codes, potentially allowing them to gain access to your accounts.
Although it sounds like a pain to download and create an account with an authenticator app if you don’t already use one, the process is actually pretty simple. You can learn more about how to set up an alternate 2FA method on Twitter here.