Confused about Twitter’s SMS 2FA method? Here’s what you need to do
Twitter users are complaining and confused about the announcement that “you need to turn off two-factor authentication for text messages.” The company had announced it in a blog post in February, but some users are still trying to understand their options.
Twitter stated in a blog post that the platform will only allow users to secure their accounts with SMS-based two-step verification if they subscribe to Twitter Blue. So as the deadline approaches on March 20, new changes are worrying social media users.
First, understand that SMS 2FA has been used and abused by bad actors, apparently costing Twitter about $60 million a year, according to Twitter.
However, in the notification, users will see text that says “only Twitter Blue subscribers can use the SMS 2FA method. It only takes a few minutes to remove. You can still use the authenticator app and secure key.”
Some experts believe that SMS-based 2FA isn’t the best form of security, and removing it as a free option could highlight how much Twitter values security and its users. This is because attackers can intercept texts by capturing the targets’ phone numbers or using other techniques.
But some also criticized it, saying that this is a bad PR stunt by Twitter CEO Elon Musk to get more Blue Tick users. In addition, according to some experts, using SMS 2FA is a much better option than not using another authentication factor.
Some researchers also previously expressed concern, saying that Twitter’s policy change will confuse users by giving them too little time to transition and making SMS two-factor seem like a premium feature.
What should be done?
Go to Settings & Support, then Settings & Privacy, then Security & Account Access, Security, and Two-Step Verification. Users must uncheck the box next to text messages on web or mobile.
After this process, two-factor authentication for the account will be disabled. If someone tries to add SMS as a 2FA option without signing into Twitter Blue first, they’ll be prompted to choose an authentication app or security key.
Users can install a primary authentication application such as Google Authenticator, which is the most prominent third-party application used for 2FA. Users can then go to Settings and Privacy on Twitter, followed by Security and Account Access, Security, Two-Step Verification, and Authentication. Users must then enter a password and click Confirm to continue.
This is currently the most convenient way to ensure that users have another layer of protection for their Twitter accounts.
What will happen if users do not disable the SMS doubler by the new deadline is unknown. According to an in-app message, users who still have SMS 2FA enabled when the change takes effect on March 20 will be locked out of their account.
But the blog post states that the 2FA method will be disabled on March 20 if users do not adjust it before then.
“Disabling Text 2FA does not automatically remove your phone number from your Twitter account. If you wish to do so, instructions for updating your account phone number are available in our help center,” it added.
While there is still some confusion, some believe that if users do nothing to add layers of security, nothing will likely happen and people will still be able to use Twitter. But it probably significantly increases the likelihood of a Twitter account being hacked.
Read all the Latest Tech News here.