TIn the future, witter will only allow paying subscribers to use text messages (SMS) to secure their accounts. Twitter announced this in a blog post on Friday. Unfortunately, it was found that account security via SMS and the associated phone numbers had been used – and abused – by malicious actors. “As a result, starting today, we will no longer allow accounts to sign up for the SMS method of 2FA (two-factor authentication) unless they are Twitter Blue subscribers.”
However, Twitter users still have the option to use an authenticator app or security key to secure their account. The change was not well received by the Twitter community. Many users suspected that the change was just an attempt by Elon Musk to promote the switch to the Twitter Blue subscription.
Twitter owner Musk indirectly justified the change in policy by accusing unspecified telecommunications companies of abusing the SMS system. He confirmed a report that these companies used robot accounts to boost 2FA SMS sending. Twitter has to bear the costs for the SMS. You lose $60 million a year to fraudulent text messages. In a tweet, Musk confirmed these statements with a short “yup”.
On Saturday, security experts were also able to see something positive about the elimination of the SMS method for two-factor authentication. Among the various 2FA methods, SMS is the weakest method. Frank Rieger, spokesman for the Chaos Computer Club, explained that Twitter’s motive for only allowing paying users to use SMS-based two-factor authentication was obviously of a financial nature: “SMS costs money”. “But in the end it can actually improve security by pushing users towards better authentication methods.” Attacks on the SMS method are real.