Club Benefits
You are now subscribed
Your newsletter sign-up was successful
Want to add more newsletters?
Daily (Mon-Sun)
Tom's Guide Daily
Sign up to get the latest updates on all of your favorite content! From cutting-edge tech news and the hottest streaming buzz to unbeatable deals on the best products and in-depth reviews, we’ve got you covered.
Weekly on Thursday
Tom's AI Guide
Be AI savvy with your weekly newsletter summing up all the biggest AI news you need to know. Plus, analysis from our AI editor and tips on how to use the latest AI tools!
Weekly on Friday
Tom's iGuide
Unlock the vast world of Apple news straight to your inbox. With coverage on everything from exciting product launches to essential software updates, this is your go-to source for the latest updates on all the best Apple content.
Weekly on Monday
Tom's Streaming Guide
Our weekly newsletter is expertly crafted to immerse you in the world of streaming. Stay updated on the latest releases and our top recommendations across your favorite streaming platforms.
Join the club
Get full access to premium articles, exclusive features and a growing list of member rewards.
Twitter’s doing a really good job of trying to push people towards Twitter Blue, the subscription service that costs $8 a month (or $11 on iOS) for a variety of perks and benefits. The latest “perk” announced for the service is SMS two-factor authentication.
Users who have SMS-based two-factor authentication enabled have until March 20 to either subscribe to Twitter Blue or choose a different version of authentication. Those that don’t have 2FA enabled will find that the SMS option is already locked behind the Twitter Blue paywall.
What is two-factor authentication?
Two-factor authentication, also known as 2FA is a security system that helps keep hackers and other bad actors out of your accounts — even if they have your password. So if a hacker has managed to obtain your password somehow, or it’s cracked by brute force, there’s another layer of security to make sure you’re the only person who has access to that account.
Think of 2FA like an airlock on a spaceship. Getting through the airlock means passing through two different doors every single time. In the event that one of those doors fails, there’s still an extra physical barrier between you and the cold harsh void of space.
The most common 2FA systems involve the user receiving a 6 to 8 digit code, and entering it during the login process. This code can be sent by email, SMS text message or via a dedicated authentication app. Other 2FA systems include approving login requests from a trusted device, usually your phone, or via the use of a physical USB security key that plugs into your device.
What’s happening over at Twitter?
According to Twitter’s blog post, the social network will disable two-factor authentication for any non-paying users that still rely on SMS authentication after March 20. Which would effectively compromise the security of those accounts.
This is rather an odd decision for a multitude of reasons. The main one isn’t that Twitter is trying to push people away from SMS 2FA, given its reputation for being incredibly insecure. Instead the explanation is that the system is abused by bad actors, and that fraud allegedly costs Twitter in excess of $60 million a year.
Twitter doesn’t have a lot of money right now, and has been aggressively trying to cut costs. To the point where the company has allegedly not been paying rent on its offices, and has already been involved in mass layoffs. It definitely hasn’t helped that advertisers, the main source of Twitter’s revenue, fled en masse thanks to a series of bizarre and controversial decisions.
Those decisions are reported to include lax content moderation policies, and issues over brand safety. Evidently, letting anyone with $8 verify their account as whichever person or brand they like is not good for business.
Needless to say the company has been pushing the premium Twitter Blue to try and make a dent in the lost revenue. Perks of subscribing include being able to “verify” your account with a blue tick, 50% fewer ads, early access to new features, tweet editing, more video upload options, and having your tweets prioritized in search results.
If bad actors really are defrauding Twitter by $60 million a year in this way, the obvious solution would be to scrap SMS-based 2FA in its entirety. Twitter wouldn’t be the only company to do so, and it would safeguard users from the various insecurities associated with sending authentication codes via SMS.
Not only is SMS messaging unencrypted and has as much security as a wet paper bag, using SMS 2FA is far too reliant on you maintaining control of your phone number. It is shockingly easy for bad actors to steal your phone number, either by SIM swap scams, phishing, or social engineering.
Once a hacker has control of your phone number, all your SMS 2FA protections might as well not be there.
In any case, account security isn't the kind of feature that should be locked behind a paywall. Especially not in a way that suggests the SMS 2FA option is some kind of premium perk that only paying customers deserve.
How to change your 2FA on Twitter
Log into your Twitter account and open the Settings and Support menu from the side bar, followed by Settings and privacy.
Tap Security and account access > Security.
Choose the two-factor authentication option.
Toggle off the Text Message option. Enter your password when prompted and agree to any prompts warning you about the dangers of not having 2FA.
Choose either Authentication app or Security Key if you have access to a physical USB security key.
Follow the on-screen instructions to set up your new 2FA system.
