Twitter Removes Two-Factor Authentication for Non-Blue Subscribers

Twitter users without a Blue subscription could be at risk soon.

The microblogging platform revealed it would no longer allow text-based two-factor authentication for users who have yet to subscribe to Twitter Blue.

Those who wish to protect their Twitter accounts without subscribing to Twitter Blue may do so through the platform's other two-factor authentication methods.

Twitter Two-Factor Authentication Limitation Details

Twitter said in its announcement that it had stopped allowing non-Twitter Blue subscribers to use its text-based two-factor authentication because hackers and cybercriminals abuse it.

The company mentioned that text-based two-factor authentication is "historically popular." Its account security report revealed that only 2.6% of Twitter users use two-factor authentication. Of these users, 74.4% use text-based two-factor authentication, while 28.9% use an authenticator app. Only 0.5% of them use a hardware security key.

However, hackers, cybercriminals, and similar actors have used and abused this form of authentication.

You may remember that a hacker, Arka, managed to access Riot Games' development environment after pestering an employee with phishing messages until they inadvertently sent their credentials to Arka out of frustration.

As such, Twitter announced that only Blue subscribers would get to use text-based two-factor authentication starting Feb. 15. Meanwhile, those who don't wish to get a Twitter Blue subscription have less than 30 days (until March 20) to disable this authentication method on their accounts.

Additionally, Twitter CEO Elon Musk said on his Twitter account that the company loses $60 million annually on fake two-factor authentication SMS messages, necessitating this policy change. He would back up the change with another tweet saying that authentication apps are "much more secure than SMS," possibly referring to the risk of SIM-swapping attacks on mobile devices, per Bleeping Computer.

SIM-swapping attacks occur when hackers and cybercriminals take control of their victim's mobile number by tricking or bribing an employee of the victim's carrier to reassign the number to a SIM card they control.

Despite removing text-based two-factor authentication for non-Twitter Blue subscribers, the company assures users that disabling this form of authentication doesn't automatically disassociate their phone number from their Twitter account.

How To Protect Your Twitter Account Without SMS Two-Factor Authentication

Twitter users who don't wish to subscribe to Twitter Blue can still use two-factor authentication, but they'll have to switch to either an authentication app or a security key.

According to Screen Rant, moving to an authentication app is the simplest way to switch from text-based two-factor authentication. To do so, Twitter users should follow these instructions:

  1. Open the Twitter app and tap Security and Account Access, and then Security, on the app's sidebar.
  2. Tap Two-Factor Authentication to view the available verification methods Twitter offers.
  3. Select Authentication App and enter your account's password.
  4. Download an authentication app like Google Authenticator or Authy and follow the on-screen prompts to set up the application.
  5. Return to Twitter and tap Link App.
  6. Enter the verification code that appears beside your Twitter username in your linked authentication app to complete the setup process.

Using a Security Key is also possible, though people would first need to purchase one before they could use this authentication method. Once users have one on hand, they can start the setup process by tapping Security Key instead of Authentication App in the steps above.

After doing so, users should follow these steps to finish setting up two-factor authentication with Security Key selected, per Twitter:

  1. Insert your security key into the USB port of your computer or connect it to your computer's Bluetooth or NFC.
  2. Touch the button on the key to start the setup process.
  3. Follow the on-screen instructions to finish setup.

© 2024 iTech Post All rights reserved. Do not reproduce without permission.
