Twitter is doing away with two-factor authentication (2FA) via SMS messages for non-subscribers.
Users can increase the security of their online accounts beyond passwords by using 2FA, which verifies the identity of the person logging in.
Users may receive a code through text message or use an authenticator app, both of which are common techniques.
But on Saturday, the Twitter Help account stated that starting on March 20, text-message identification would only be available to Twitter Blue subscribers.
According to an in-app alert sent to certain text-message 2FA users, removing the method before the deadline would prevent them from losing access to their accounts.
Elon Musk, the owner and CEO of Twitter, tweeted that the authenticator app was safer and would continue to be free.
He said that Twitter had been “fleeced” by phone carriers and was shelling out more than $60 million (£49 million) a year for “false 2FA SMS texts.”
Only 2.6% of active Twitter accounts had 2FA enabled between July 2021 and December 2021. Security specialist Rachel Tobac tweeted that the move was “nerve-wracking” and cited a report from Twitter, published in July 2022, showing that of those accounts, 74.4% used text messages and 28.9% used authentication apps.
According to Ms. Tobac’s tweet, “All of us in security want people to use a wonderful method of [multi-factor authentication] to safeguard their account, but automatically unenrolling individuals who had signed up for SMS 2FA because they didn’t pay merely opens them up to risk.”
SMS 2FA may be less secure than authenticator apps, experts have cautioned.
But it continued to be widely used because it was simple to use, according to Prof. Alan Woodward of the University of Surrey.
“I’d rather individuals used something instead of nothing; the less tech-savvy may well be inclined to do that.” “I understand Elon Musk’s desire to reduce costs for the company, but I think it is a terrible mistake to essentially discourage 2FA for many consumers,” he said.