With our free press under threat and federal funding for public media gone, your support matters more than ever. Help keep the LAist newsroom strong, become a monthly member or increase your support today.
Twitter Will Limit Uses Of SMS 2-Factor Authentication. What Does This Mean For Users?
Twitter will now charge for 2-factor verification on the app.
(
Olivier Douliery
/
AFP via Getty Images
)
Only users who pay a monthly fee for Twitter's subscription service will get to use text message authentication in order to keep their accounts secure, the social media company says.
Two-factor authentication is not required to be a user on Twitter, but it is a proven and easy way to help keep accounts secure. It makes it so if someone wants to hack into an account they'd have to have the password and access to the account owner's device.
Twitter Blue costs $11 a month on Android and iOS in the U.S. It's $8 a month for web users. Users have 30 days to sign up or they will see their SMS two-factor authentication (2FA) turned off automatically, the company said.
This announced change to the platform is just the latest in a series of decisions causing serious upheaval at the social media company following Elon Musk's takeover last year.
Sponsored message
Twitter says the reason for this move is due to phone number-based two-factor authentication being "abused by bad actors." But the planned move has riled up many users, concerned about wider implications.
At least one user called the decision "vile" and "disgusting."
The company says "disabling text message 2FA does not automatically disassociate your phone number from your Twitter account," but others say it does put user security at risk.
Another user speculated that Twitter's latest move could "lead to class action suits when people get hacked and have damages."
Evan Greer, director of Fight for the Future, a nonprofit digital rights advocacy group, took to Twitter denouncing the move.
In an email to NPR, she called this decision another one of Musk's "chaotic moves." She has been critical of recent actions by Twitter following Musk's takeover of the company.
Sponsored message
"Twitter users should never have been put in this situation. Making changes to something as sensitive as 2 factor authentication, which could mean the difference between someone's physical safety and a stalker, abuser or authoritarian government gaining access to their account, should never be made in such a reckless and poorly thought out manner," Greer said in her email to NPR.
The potential impact for users outside of the U.S
There also seem to be broader implications for accounts in other parts of the world.
Gavan Reilly, a reporter in Ireland, tweeted that Twitter Blue isn't even available in his country yet, "so there is literally no option to maintain the current choice of security."
Twitter Blue only exists in the U.S, Canada, Australia, New Zealand, Japan, the U.K., Saudi Arabia, France, Germany, Italy, Portugal, Spain, India, Indonesia, and Brazil. The company says it plans to expand it.
Greer said limiting the ways a user can protect their accounts "is also a gift to authoritarian governments."
"Sure, it's nice to tell people to go use an authenticator app, but what if their government blocks that authenticator app, criminalizes its use, or gets it banned from the app store?," she noted.
Sponsored message
And there are apps, like Duo, that won't work in certain countries if a user's IP address originates in a region sanctioned by the the U.S., including Cuba, Iran, Syria, and areas in Ukraine controlled by Russian forces.
Users should find alternatives to SMS authentication
Two-factor authentication is "one of the most basic forms of security many people use and have access to," Greer said.
It's considered "better than nothing," but she notes it's actually one of the least secure measures to use. That's "because of a relatively simple attack called a 'sim swap' that has become more and more common."
This is when "an attacker calls your cell phone company pretending to be you and convinces them to transfer your phone number to a new device, then sends the 2 factor authentication code" to themselves, she said.
It's generally recommended by digital security experts to switch over to an authenticator app instead of just relying on a phone number, Greer added.
"For readers looking to protect themselves: even if you do have Twitter Blue you should switch away from using SMS for 2 factor and start using an authenticator app," she said. "There are a number of reputable ones, and some password managers even have them included."
Sponsored message
Still, Greer said making 2FA a "luxury feature" for certain subscribers is silly and potentially dangerous.
Greer worries for users who are not tech savvy.
"We know that most users simply stick with defaults or just don't take action if they're confused or unsure," she said. "In practice this could mean that millions of vulnerable Twitter users are suddenly booted off of 2 factor authentication and don't set it back up again."
Copyright 2024 NPR. To see more, visit npr.org.
At LAist, we believe in journalism without censorship and the right of a free press to speak truth to those in power. Our hard-hitting watchdog reporting on local government, climate, and the ongoing housing and homelessness crisis is trustworthy, independent and freely accessible to everyone thanks to the support of readers like you.
But the game has changed: Congress voted to eliminate funding for public media across the country. Here at LAist that means a loss of $1.7 million in our budget every year. We want to assure you that despite growing threats to free press and free speech, LAist will remain a voice you know and trust. Speaking frankly, the amount of reader support we receive will help determine how strong of a newsroom we are going forward to cover the important news in our community.
We’re asking you to stand up for independent reporting that will not be silenced. With more individuals like you supporting this public service, we can continue to provide essential coverage for Southern Californians that you can’t find anywhere else. Become a monthly member today to help sustain this mission.
Thank you for your generous support and belief in the value of independent news.
But the game has changed: Congress voted to eliminate funding for public media across the country. Here at LAist that means a loss of $1.7 million in our budget every year. We want to assure you that despite growing threats to free press and free speech, LAist will remain a voice you know and trust. Speaking frankly, the amount of reader support we receive will help determine how strong of a newsroom we are going forward to cover the important news in our community.
We’re asking you to stand up for independent reporting that will not be silenced. With more individuals like you supporting this public service, we can continue to provide essential coverage for Southern Californians that you can’t find anywhere else. Become a monthly member today to help sustain this mission.
Thank you for your generous support and belief in the value of independent news.
Senior Vice President News, Editor in Chief
