Twitter About to Start Charging Users for SMS 2FA

Ever since Elon Musk’s acquisition of Twitter, this social media network has gone through several updates that quickly turned into some of the biggest controversies of 2022. From the release of Twitter 2.0 to changes in advertising policies, it appears that Elon is more than eager to transform, or as some would say, disfigure Twitter as we used to know it.
The latest update, which states that Twitter is about to begin charging users for SMS 2-factor authentication, is as surprising as the introduction of verification checkmarks. So, the question is, should users bend their knees and go along with Musk’s plans, abandon Twitter for good, or switch to other authentication options due to potential security issues?

[Image: Twitter 2FA. Illustration: Milica Mijajlovic]

Twitter’s Update on Two-Factor Authentication

In the middle of February, Twitter announced on its blog that, starting from February 15th, users without the Twitter Blue subscription won’t be able to rely on SMS two-factor authentication. That is because, according to Twitter, this form of 2FA has been abused, hence the decision to limit the availability of SMS-based two-factor authentication to Twitter Blue subscribers only.

According to the Twitter Help Center, a Twitter Blue subscription starts from $8, costing almost as much as a Netflix membership. The cheapest subscription is for Twitter on the web, and you can get an annual plan, if you want to save extra money, for $84. Those who want to use Twitter on iOS or Android could consider a monthly plan of $11.
Twitter offers iOS users an annual plan which adds up to $114.99, saving them $17.01 a year. Android users presumably pay $132 annually, since Twitter didn’t specify on its Help Center page that Android users would get special deals like those offered to users with iOS mobile devices.

[Image: Twitter's pricing, titled "How Much for the Twitter Blue Subscription?" Source: Twitter]

That means that from February 15th, Twitter won’t allow users to utilize SMS 2FA unless they’ve paid for the Twitter Blue subscription. Additionally, those who don’t have a Twitter Blue subscription but use this authentication method will have 30 days to disable it and choose a different verification option. So, after March 20th, non-Twitter Blue subscribers won’t have the option to use SMS as an authentication method, and the setting will be disabled for users who haven’t changed it.

“We encourage non-Twitter Blue subscribers to consider using an authentication app or security key method instead. These methods require you to have physical possession of the authentication method and are a great way to ensure your account is secure,” Twitter writes in its blog post about the upcoming two-factor authentication update.

Elon Musk also shared on Twitter that threat actors abusing Twitter’s SMS two-factor authentication method cost the company roughly $60 million a year.

How Will Elon’s Decision Affect the End User?

Twitter’s announcement stirred up the crowd, and many users were outraged about this seemingly absurd update. Some even suggested that Twitter is compromising user safety to cut costs, which could be a plausible explanation for the update.

Now, why is Twitter’s two-factor SMS-based authentication a potential privacy concern?

For starters, two-factor authentication is an essential feature that adds an extra security layer to your account. While quite a few 2FA types exist, Twitter offers three two-factor authentication methods – SMS account verification, security key, and authentication app.

According to Twitter’s report, published long before Elon Musk initiated Twitter’s acquisition, 74.4% of Twitter accounts used the SMS authentication method, 28% used an authentication app, and only 0.5% used security keys to improve account safety as of December 2021.

[Image: Mobile authentication example. Photo illustration: Freepik]

It’s no surprise that the majority of users rely on SMS codes instead of other authentication methods. For most people, receiving an SMS with a security code is a lot easier than employing other options. For example, some multi-factor authentication mobile apps will do a marvelous job at keeping your account unbreachable but might require multiple credentials, which, again, is too much hassle for many users.

Users not wanting to pay for a Twitter subscription will lose the privilege of using SMS authentication. As a result, they could potentially drop the idea of employing additional security measures besides passwords. If user accounts become easily breachable, lots of people could lose access to their accounts.

Making users pay for a feature that was free for a very long time is a very bold move and could result in a disaster. True, people still have the option to choose and switch to other authentication methods or invest in a Twitter Blue subscription. However, as stated earlier, SMS was the easiest solution, and people prefer convenience. In addition to charging for convenience, Twitter isn’t doing a good job of helping people switch to other, less user-friendly methods.

Some users suggested potential solutions to this problem, such as switching to email-based 2FA and educating account holders about more secure options.

Twitter, however, didn’t announce such procedures, leaving users with a difficult choice. More importantly, many account holders aren’t happy with the announcement, meaning Twitter could lose many users at the end of March 2023.

https://twitter.com/Underrated_Dom/status/1628122244747522053

Did Elon Make the Right Choice?

SMS authentication adds more security to your account than using a password only. But, as there’s no such thing as ultimate safety, this authentication method is exploitable, just like other two-factor authentication options.

Of course, more secure methods exist, including security keys and authentication apps, the authentication options Twitter offers its users. So, in a way, Twitter could do us all a favor by enforcing new account verification rules.

Still, we don’t know how many users will refuse to switch to Twitter Blue or other authentication methods, so it’s too early to question whether Elon made the right choice. What we can say for sure is that SMS authentication is the least secure account verification option, and improving security will benefit all. We only hope Musk and his team know that forcing people into change again could backfire. But then, maybe the risks were carefully calculated, and his decision to eradicate SMS verification could result in a better, more secure Twitter.

Jelena is a content writer dedicated to learning about all things crypto. Her hobbies are playing chess, drawing, baking, and going on long walks. During winter, she usually spends her leisure time reading books.
