Over the weekend, Twitter announced that starting March 20, people who haven’t signed up for Twitter Blue will have two-factor authentication via SMS disabled.
Twitter has recommended people use third-party apps or a security key instead, but the vast majority (74.4%) of the 2.6% of active Twitter users who use SMS as their authentication method will have a month to change, or potentially lose protection.
So what is two-factor authentication and what should you do to protect your social media account?
What is two-factor authentication?
Two-factor authentication (2fa) is a second step once you’ve logged into an online account with a password to prove you are who you say you are. It’s an added layer of security, so if your password is compromised, it will make it a bit more difficult for someone to access your account.
For SMS two-factor authentication and authenticator apps, a number or numbers are sent or provided to you, which you then enter on the website.
Most online services such as social media platforms, banks, and those used in workplaces now require or strongly recommend that people use 2fa on their accounts.
Why is Twitter moving away from SMS-based 2fa?
Twitter claims that SMS 2fa has been “used and abused by bad actors.” The company’s owner, Elon Musk, claims that this abuse is costing Twitter about $60 million a year.
While the company is correct that SMS-based authentication is not the best method, abusing it is not considered to be a lucrative venture.
Why are other apps better than SMS for authentication?
Although no method is foolproof, SMS is much easier to compromise.
People can use what is called SIM-jacking or SIM-swapping to take over your mobile phone number, which can then be used to access your account. This is done by convincing or forcing a telecommunications company to transfer your mobile phone number to a new SIM card.
Some countries, including Australia, have introduced rules requiring telecommunications companies to properly verify who a person is before allowing them to transfer a mobile phone number to a new provider.
If I want a second layer of security on my Twitter account, what other options do I have?
One option is to use a third-party authenticator for 2fa, instead of Twitter’s own service. Google Authenticator is the most prominent third-party app used for 2fa. However, password management apps, including the one built into Apple’s iOS, now offer to act as authenticators for Twitter and other sites as well.
When you set up 2fa through the Twitter app on your mobile device, it will tell you where you can authenticate.
Another option is to use a security key, which is a USB drive that you insert into your computer that can be used to authenticate yourself when logging into websites. While most are USB-C or USB based, some can connect wirelessly or through Apple’s Lightning port. It’s a hardware option if you prefer not to use an authenticator app.
What should I change to?
Use what is most comfortable for you. If you’re already using a password manager and that app also offers 2fa, then it makes sense to stick with what you know.
Regardless of what you’re using, just make sure you enter the number in the correct place and never give the number to someone on the phone. Although the window for the code to be valid is short, if someone is trying to figure out your code and take over your account, they might still be able to if they work fast enough.