Twitter will charge users for text-message authentication

 Twitter will charge users for text-message authentication

Non-subscribers will no longer be able to use text-message two-factor authentication (2FA).

2FA adds an extra layer of security to online accounts beyond passwords by double-checking the identity of the person logging in.

Texting a code to users or using an authenticator app are two common methods.

However, the Twitter Support account tweeted on Saturday that only Twitter Blue subscribers would be able to use text-message authentication beginning March 20.

Some text messaging Users of 2FA also received an in-app notification to remove the method before the deadline to avoid losing access to their accounts.

Elon Musk, the owner and CEO of Twitter, tweeted that its authenticator app, which would remain free, was more secure.

Twitter was "scammed" by phone companies and was paying more than $60 million (£49 million) per year for "fake 2FA SMS messages," he told a critic of the move.

Twitter announced on its blog that "bad actors" had abused the method.

"We encourage non-Twitter Blue subscribers to use an authentication app or security-key method instead," the company said.

"These methods require you to have physical possession of the authentication method and are an excellent way to ensure the security of your account."

However, security expert Rachel Tobac called the move "nerve-wracking," citing a July 2022 Twitter report that showed only 2.6% of active Twitter accounts had 2FA enabled between July 2021 and December 2021, but of those:

1- Text messaging was used by 74.4% of respondents.

2- 28.9% used an authentication app.

"All of us in security want people to use a great form of [multi-factor authentication] to protect their account," Ms Tobac wrote on Twitter, "but auto-unenrolling users who already signed up for SMS 2FA because they didn't pay exposes them to risk."

SMS 2FA, according to experts, is less secure than authenticator apps.

But it remained popular because it was simple to use, according to Prof Alan Woodward of the University of Surrey.

"I'd rather people used something than nothing, which is what the less tech-savvy may be tempted to do," he told BBC News.

"I understand Elon Musk's desire to reduce costs in the business, but effectively discouraging 2FA for many users appears to be a dreadfully short-sighted false economy."