For users who are not subscribers, Twitter is removing two-factor authentication via text messages (2FA).
2FA enables users to secure their online accounts further than just passwords by double-checking the identity of the person logging in.
Users are frequently texted a code, and authenticator apps are also frequently used.
However, as of 20 March, text-message authentication will only be available to Twitter Blue subscribers, according to a tweet from the Twitter Support account on Saturday.
Users of text message 2FA may have also received an in-app notification advising them to stop using the method before the cutoff time in order to maintain access to their accounts.
Elon Musk, the CEO of Twitter, stated that the company's authenticator app was more secure and would continue to be free.
He claimed to a critic of the decision that Twitter had been "scammed" by phone companies and was spending more than $60 million (£49 million) annually on "fake 2FA SMS messages.".
"Bad actors," according to Twitter, had abused the technique.
It advised people who aren't Twitter Blue subscribers to think about using an authentication app or security-key method instead.
These procedures, which demand that you hold the authentication method in your hands, are a great way to guarantee the security of your account. " .
According to a Twitter report released in July 2022, only 2.6 percent of active Twitter accounts had 2FA turned on between July 2021 and December 2021, but of those: Rachel Tobac, a security expert, tweeted that the move was "nerve-wracking".
- Text messaging was used by 74% of respondents.
- An authentication app was used by 28% of people.
"All of us in security want people to use a great method of [multi-factor authentication] to protect their account," Ms. Tobac wrote on Twitter, "but auto-unenrolling users who already signed up for SMS 2FA, because they didn't pay, just opens them up to risk.". ".
SMS 2FA may be less secure than authenticator apps, experts have cautioned.
But it continued to be widely used because it was simple to use, according to Prof. Alan Woodward of the University of Surrey.
I'd rather people used something than nothing, which may well be what the less tech-savvy are tempted to do, he said to BBC News.
"I understand Elon Musk's desire to reduce costs for the company, but I think his decision to effectively discourage 2FA for many users was a terrible case of false economy.
. "
