Security Experts Baffled by Twitter's Decision to Limit SMS-Based 2FA to Paid Subscribers
FBI hit with security incident in New York office, GoDaddy suffered multi-year attack, US launches disruptive technology strike force, Europol dismantled a Franco-Israeli ‘CEO fraud’ group, more
Twitter announced that it would only allow its users to secure their accounts with SMS-based two-factor authentication (2FA) if they pay for a Twitter Blue subscription, creating consternation among cybersecurity professionals.
The consensus among security experts is that even if SMS-based 2FA is considered weaker than an app authenticator, removing it will leave the 2.6% of Twitter users relying on it less secure.
“While historically a popular form of 2FA, unfortunately, we have seen phone-number-based 2FA be used—and abused—by bad actors,” Twitter wrote in a blog post. “So starting today, we will no longer allow accounts to enroll in the text message/SMS method of 2FA unless they are Twitter Blue subscribers.”
It is unclear what will happen if users do not disable SMS two-factor by Twitter’s deadline of March 20…