Twitter disclosed plans to stop allowing SMS-based two-factor authentication for account security on February 17, unless users start paying for a Twitter Blue subscription. This implies that Twitter is changing its security options for logging in to your account. Twitter emphasizes the importance of account security on the platform. Further, Twitter offers a security tool called two-factor authentication (2FA) to help keep accounts safe and secure. 2FA requires users to enter a code or use a security key in addition to their password when logging in, making it more difficult for unauthorized users to acquire access to an account.
However, this change weakens security for many accounts, because SMS authentication is one of the most popular and convenient ways to authenticate users. Twitter has nonetheless explained why another 2FA option is the better choice, even if it is a little less convenient.
Why Did Twitter Remove SMS-based 2FA?
Twitter has previously offered three methods of 2FA: text message, authentication app, and security key. However, due to the misuse of phone-number-based 2FA by bad actors, Twitter has decided to limit the availability of text message 2FA to Twitter Blue subscribers only. This means that non-Twitter Blue subscribers who are already enrolled in text message 2FA will have 30 days to switch to another 2FA method.
The reason for this change is that SIM-swapping attacks, where phone numbers are compromised by attackers, allow criminals to access 2FA messages and breach accounts. In other words, using another 2FA option, even if it entails some inconvenience, is the optimal choice.
After 20 March 2023, non-Twitter Blue subscribers will no longer be able to use text messages as a 2FA method, and accounts with text message 2FA still enabled will have it disabled. Twitter encourages non-Twitter Blue subscribers to consider using an authentication app or security key method instead, as these methods are more secure and require physical possession of the authentication method. The statement also clarifies that disabling text message 2FA does not automatically disassociate a phone number from a Twitter account, but instructions to update the account phone number are available on the Twitter Help Center.
So, if you don’t add a new authentication method, Twitter will eventually turn off 2FA for your account entirely. Here’s how to make the change before that happens.
Download Authenticator App or Purchase a Security Key
An authenticator app and a security key are the two alternatives to SMS 2FA that you can use to add more security when signing in to your Twitter account.
Use Authenticator App
Have you heard of authenticator apps like TOTP Authenticator, Google Authenticator, and Microsoft Authenticator? They generate one-time passwords (OTP) that change at short intervals, which you can use to log in to your accounts on the web. Unlike SMS 2FA, you won’t find these codes in your text messages but in the app itself.
The best part is that these codes change frequently, so you have to be quick in entering them. This might sound like a hassle, but it’s safer than SMS 2FA, because hackers find it more difficult to access the physical device where the authenticator app is installed. It’s not entirely immune to attacks, but it’s a pretty good security measure.
In this tutorial, we will guide you on how you can enable the Authenticator app through Twitter with just a few simple steps.
Also, it is better to download and set up an Authenticator app beforehand just for your convenience. You can download it from the attached links of Google Authenticator, Microsoft Authenticator, or Authy Authenticator.
In addition, iOS has a built-in 2FA code generator, which you can enable from your system Setting > Password > Setup Verification Code. Clicking on it lets you set up your verification key.
Now, let’s move on to how you can enable the Authenticator App option on Twitter.
Here’s how you can do it:
Step 1: First, log in to your Twitter account. Then go to the Setting and Support option.
Step 2: In the drop-down menu, select Setting and privacy.
Step 3: In the Setting and privacy window, go to Security and account access and select Security.
Step 4: After selecting Security, you will see the Two-factor authentication option in the window; click on it. There you will see three options: Text message, Authentication app, and Security key. The Text message option is still there, but it will be removed after the specified date. Now, check the box beside the Authentication app option.
Step 5: After you check the box, you will see a Get Started prompt. Click on it. There you will see a QR Code. You have to scan this QR Code to link the app to your Twitter account.
Tip: On the built-in iOS app you will see the Scan QR code option once you click on the Setup Verification Code. From there you can easily scan it.
Step 6: Now, head to the Authenticator app on your phone. Tap on the button that lets you scan a picture (QR Code). Scan the code on your screen. This will connect your account to your app.
Step 7: Go back to Twitter. Tap Next, type the code that your app shows you, and tap Confirm.
Step 8: On the next screen, Twitter will give you a code that you can use only once; keep it somewhere safe in case you can’t reach your phone or app.
In place of an authenticator app, a security key is a viable alternative. These physical hardware devices plug into your computer or connect to your phone when you log in. It is important to note that security keys are deemed the most secure form of 2FA because an attacker must physically possess the key to gain access to your account. In contrast, attackers can deceive users into revealing generated six-digit authentication codes.
Once you have bought a security key, navigate to Two-factor authentication and select Security key from the menu. To add the security key to your account, tap the Add Key option after inserting the key into your computer’s USB port or syncing it with your smartphone over Bluetooth or NFC.
To sum up, Twitter’s decision to remove SMS 2FA for non-Twitter Blue subscribers is a controversial move that may affect many users’ security and privacy. However, there are still ways to keep your account secure without having to pay for the privilege. You can use an authenticator app or a security key as an alternative method of 2FA, as these are more reliable and resistant to attacks. You can also follow some best practices, including using a strong password, updating your account settings, and being wary of phishing attempts. By doing so, you can enjoy Twitter without worrying about losing access to your account or compromising your personal information.