Metacurity

Security Experts Baffled by Twitter's Decision to Limit SMS-Based 2FA to Paid Subscribers

FBI hit with security incident in New York office, GoDaddy suffered multi-year attack, US launches disruptive technology strike force, Europol dismantled a Franco-Israeli ‘CEO fraud’ group, more

Cynthia Brumfield
Feb 20, 2023

Twitter announced that it would only allow its users to secure their accounts with SMS-based two-factor authentication (2FA) if they pay for a Twitter Blue subscription, creating consternation among cybersecurity professionals.

The consensus among security experts is that even if SMS-based 2FA is considered weaker than an app authenticator, removing it will leave the 2.6% of Twitter users relying on it less secure.

“While historically a popular form of 2FA, unfortunately, we have seen phone-number-based 2FA be used—and abused—by bad actors,” Twitter wrote in a blog post. “So starting today, we will no longer allow accounts to enroll in the text message/SMS method of 2FA unless they are Twitter Blue subscribers.”

It is unclear what will happen if users do not disable SMS two-factor by Twitter’s deadline of March 20…
