Non-Twitter Blue subscribers now have 30 days to join the Blue train or risk having their SMS two-factor authentication disabled. Platformer Zoe Schiffer alluded to Twitter’s and CEO Elon Musk’s new policy in a tweet early Friday afternoon.
NEW: Twitter is planning to unveil a new policy as soon as this afternoon that only Blue subscribers will be able to use SMS-based two-factor authentication, according to company sources.
— Zoë Schiffer (@ZoeSchiffer) February 17, 2023
According to an updated blog post on Twitter’s website, the news is all but official (Opens in a new tab). While SMS is a popular form of 2FA, it can be easily abused, according to the post. As a result, the platform is tying the ability to use its worst form of authentication to an $8 subscription (or $11 if you use an iOS device). Non-Twitter Blue subscribers are advised to “consider using an authentication app or security key method instead.” So it’s either that or wait until March 20 when Twitter turns it off for you.
Effective March 20, 2023, only Twitter Blue subscribers will be able to use text messages as their two-factor authentication method. Other accounts can use an authentication app or security key for 2FA. Learn more here:https://t.co/wnT9Vuwh5n
— Support (@Support) February 18, 2023
SMS 2FA is not required to log into the app, according to Twitter, but it is one of the platform’s most popular forms of authentication. According to Rachel Tobac on Twitter, based on the site’s own transparency data, only 2.6 percent of the platform’s users have 2FA, with SMS authentication accounting for the vast majority (74 percent).
This Twitter 2FA change is nerve-racking because:
1. Only ~2.6% of Twitter users have 2FA on at all (it’s essential for preventing easy account takeover)
Of those 2.6%, 74% use text message based 2FA (https://t.co/WXuFydZk17)
If they don’t pay for Blue they auto lose 2FA on 3/20. https://t.co/LneQojvjbi pic.twitter.com/PgySF3Qyag— Rachel Tobac (@RachelTobac) February 18, 2023
As The Verge’s Sean Hollister points out(Opens in a new tab), one major reason a company might put SMS authentication behind a paywall is that sending SMS messages is expensive. Twitter is desperate for cash, and the billionaire’s plan has been to phase out SMS entirely since he took over (Opens in a new tab). But, for the time being, it appears that Musk has found a way to at least monetize SMS. Given that Twitter Blue subscriptions are earning less than expected, SMS authentication for all users may be phased out entirely in the near future.
