In a recent announcement, Twitter has revealed that after March 2021, users will no longer be able to log into their accounts with SMS-based two-factor authentication (2FA). Instead, they will be required to use the more secure app-based two-factor authentication.
The Move to Improve Security
This move comes as part of an effort to provide users with stronger security. SMS-based two-factor authentication is not secure enough to protect users’ accounts. It is easily susceptible to SIM-swapping attacks and other forms of social engineering. This can lead to remote hijacking of user accounts, exposing private information and allowing malicious actors to access the accounts without the user knowing.
App-based two-factor authentication is a more secure alternative. It requires users to download an authentication app, like Google Authenticator, Authy, or Duo Mobile, and generate a code each time they log in. This code is then used to authenticate the user’s identity and provide an additional layer of security.
Twitter’s Solution for Insecure 2FA
Twitter has realized that many users rely on SMS-based two-factor authentication, and are likely unaware of the security risks associated with this method. To give users time to adjust, Twitter is now offering a “grace period”, allowing users to keep using SMS-based two-factor authentication for three more months.
However, there is a caveat. Twitter has not made this grace period available to all users, but rather, only to users who agree to pay a fee. The fee will vary depending on the user’s account size and access level. For example, accounts with more than 10,000 followers will pay a one-time fee of $25, while accounts with more than 100,000 followers will pay a one-time fee of $60.
What About Users Who Refuse to Pay?
The grace period only applies to users who agree to pay the fee. However, Twitter has not specified what will happen to users who choose not to pay. It is possible that Twitter will still revoke access to SMS-based two-factor authentication for these users, leaving them vulnerable to attack.
Twitter has also stated that refunds will only be available to users who request them before the grace period ends. This means that users who do not pay the fee before the grace period ends and then decide to switch to app-based two-factor authentication, will not be eligible for a refund.
The Bottom Line
Twitter’s move to improve security is a step in the right direction. However, users should be aware of the issues surrounding SMS-based two-factor authentication, and be prepared to switch to an app-based system. For those users who need a bit more time, the grace period is available – but only for those who are willing to pay the fee.
Share this article to help spread awareness about the importance of account security on social media and stay safe online!