Twitter Removes 2FA Service Via Free SMS And Makes It Paid Starting March 20
JAKARTA - Monday, March 20 is the last day for Twitter users who use the two-factor authentication method (2FA) via text messages (SMS) to switch to other methods. Twitter will place the SMS 2FA method behind Blue payment walls for $8 (Rp135,000) per month starting March 20.
As part of this change, Twitter will also shut down 2FA for user accounts that still use SMS verification if they don't switch or pay for Blue before that deadline, leaving user accounts vulnerable to hacker attacks.
However, users can still activate 2FA for free using authentication applications, such as Google Authenticator or Authy. Users can also use security keys, but this requires hardware purchases.
Twitter makes SMS 2FA a paid feature because it is the least secure authentication method. While it seems unnatural, it can at least direct unsubscribed users to switch to other methods, as this method is known to be vulnerable to SIM swapping attacks.
The Verge reports, These attacks can occur when criminals use social engineering or other tactics to convince your mobile operator to switch your phone number to their device. They can then intercept the text messages you receive, including the SMS 2FA code, which has the potential to allow them to access your account.
While it sounds troublesome to download and create accounts with authentication apps if you haven't used them, the process is actually quite simple. You can learn more about how to set an alternative 2FA method here.