Twitter Limits SMS-Based 2-Factor Authentication to Blue Subscribers Only

News

Feb 18, 2023Ravie LakshmananAuthentication / Online Security

Twitter has announced that it’s limiting the use of SMS-based two-factor authentication (2FA) to its Blue subscribers.

“While historically a popular form of 2FA, unfortunately we have seen phone-number based 2FA be used – and abused – by bad actors,” the company said.

“We will no longer allow accounts to enroll in the text message/SMS method of 2FA unless they are Twitter Blue subscribers.”

Twitter users who have not subscribed to Blue that have enrolled for SMS-based 2FA have time till March 20, 2023, to switch to an alternative method such as an authenticator app or a hardware security key.

After this cutoff date, non-Twitter Blue subscribers will have their option disabled.

The alternative methods “require you to have physical possession of the authentication method and are a great way to ensure your account is secure,” Twitter noted.

Given that SMS has been the least secure form of 2FA, the latest enforcement is likely to force people to move towards secure forms of authentication.

According to Twitter’s own data, only 2.6% of all active accounts have enabled at least one form of 2FA. SMS accounts for 74.4%, followed by authenticator apps (28.9%) and security keys (0.5%).

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Products You May Like

Articles You May Like

THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 04 – Nov 10)
Amazon MOVEit Leaker Claims to Be Ethical Hacker
New Flaws in Citrix Virtual Apps Enable RCE Attacks via MSMQ Misconfiguration
CISOs Turn to Indemnity Insurance as Breach Pressure Mounts
North Korean Actor Deploys Novel Malware Campaign Against Crypto Firms

Leave a Reply

Your email address will not be published. Required fields are marked *