Twitter blog post states that the 2FA method will simply be disabled on March 20 if users don’t adjust it before then. (File Photo)
Some experts believe that SMS-based 2FA is not the best form of security, and removing it as a free option may highlight how much Twitter values security and its users. This is because attackers can intercept texts by hijacking targets’ phone numbers or using other techniques
Twitter users are complaining and are confused about a notification stating “you must remove text message two-factor authentication” on their handle. The company had announced it in a blog post in February but some users are still trying to understand their options.
Twitter stated in its blog post that the platform will only allow users to secure their accounts with SMS-based two-factor authentication if they subscribe to Twitter Blue. So, as the last day approaches on March 20, the new changes are worrying social media users.
First of all, it needs to be understood that, according to Twitter, the SMS 2FA has been used and abused by bad actors, which is apparently costing Twitter about $60 million per year.
However, in the notification, the users are seeing a text saying “only Twitter Blue subscribers can use the text message 2FA method. It’ll just take a few minutes to remove it. You can still use the authentication app and secure key methods”.
Some experts believe that SMS-based 2FA is not the best form of security, and removing it as a free option may highlight how much Twitter values security and its users. This is because attackers can intercept texts by hijacking targets’ phone numbers or using other techniques.
But some also criticised it saying this is a poor PR stunt by Twitter head Elon Musk to get more Blue Tick users. Also, according to some experts, using SMS 2FA is far superior to having no second authentication factor enabled.
Some researchers earlier also expressed concern saying that Twitter’s policy change will confuse users by giving them not enough time to transition and making SMS two-factor appear to be a premium feature.
What Should Be Done?
Go to Settings and Support, then select Settings and Privacy, followed by Security and Account Access, Security and Two-factor authentication. The users have to uncheck the box next to text messages on the web or mobile.
After following this process, the account’s two-factor authentication will be disabled. If anyone tries to add SMS as a 2FA option without first signing up for Twitter Blue, they will be prompted to select an authenticator app or security key.
Users can install a preferred authenticator app, such as Google Authenticator, which is the most prominent third-party app used for 2FA. Then, on Twitter, users can go to Settings and Privacy, followed by Security and account access, Security, Two-factor authentication and Authentication app. The users then have to enter the password and click Confirm to proceed.
This is currently the most convenient way to make sure that users have another layer of security for their Twitter accounts.
However, what will happen if users do not disable SMS two-factor by the new deadline is unknown. Users, who still have SMS 2FA enabled when the change takes effect on March 20, will be locked out of their accounts, according to an in-app message.
But the blog post states that the 2FA method will simply be disabled on March 20 if users don’t adjust it before then.
“Disabling text message 2FA does not automatically disassociate your phone number from your Twitter account. If you would like to do so, instructions to update your account phone number are available on our Help Center,” it added.
However, while there is still some confusion, some believe that if users don’t do anything to add security layers, probably nothing much will happen and people will still be able to use Twitter. But probably it will significantly increase the likelihood of having the Twitter account hacked.
Read all the Latest Tech News here