Two-factor authentication offers an extra layer of protection for online accounts. It requires that users show a second form of identification to verify their identity.

“While historically a popular form of 2FA, unfortunately, we have seen phone-number based 2FA be used – and abused – by bad actors,” Twitter said in a Wednesday statement. “We encourage non-Twitter Blue subscribers to consider using an authentication app or security key method instead.”

Until now, the company has offered three types of two-factor authentication: via authentication app, security key, or text message. Sean Hollister, the senior editor of The Verge tech news website, has described the text as “Twitter’s worst form of authentication” and its “least secure.”

Under the planned change, text-based authentication will be limited to Twitter Blue subscribers.

Twitter Blue is the paid subscription service – launched shortly after Elon Musk took over the platform – that allows accounts to receive a “verified” checkmark for a monthly fee: $11 for IOS users or $8 for those on Android devices.

Non-paid users have until March 20 to disable the text message method.

“This Twitter 2FA change is nerve-racking,” tweeted Rachel Tobac, chief executive of SocialProof Security, a cyber security firm.

Seventy-four percent of Twitter users who use two-factor authentication confirm their identity by text message, according to a report by Twitter. And only about 3% of Twitter users even have two-factor authentication turned on to begin with, according to the report, which tracked usage between July 2021 and December 2021.

News Source: NY Daily News