A few hours ago, we heard rumors that Twitter would start charging for two-factor authentication per SMS.
Now it’s official: you need to pay to use this form of Twitter authentication. In fact, if you don’t start paying for Twitter Blue (€11/month) or change your account to use an external authentication application or a physical security key, Twitter will simply disable your 2FA after March 20th.
In fact, SMS authentication is not very secure as SIM swapping hacks are common nowadays. Twitter’s own Jack Dorsey fell victim to this technique four years ago.
Here’s how Twitter is trying to justify this change, but we can’t rule out a simpler reason either: It costs money to send SMS messages, and Twitter doesn’t have a lot of money right now. The company was eliminating SMS even before Elon Musk took over.
Twitter’s own transparency data shows that, as of December 2021, only 2.6% of Twitter users have 2FA enabled, and 74% of those users are using SMS as their 2FA method.