After Elon Musk's buyout of Twitter in 2022, the reception among its user base has been endlessly pessimistic about the site's future. The criticism ranges from mockery of its CEO to the Twitter Blue subscription service, layoffs, and many other controversies. As such, Musk has become a punchline among the userbase, especially with revelations such as the site being forced to auction off furniture, or Musk setting a world record for losing money after his purchase of Twitter. This change is another one that has drawn criticism, especially from a security point of view.
This new change will take effect on March 20, 2023, after which only Twitter Blue users will be able to use text messages for two-factor authentication, with free users being forced to use an authentication app or security key for 2FA. While 2FA isn't required for logging into Twitter, users are highly encouraged to turn it on. That being said, many users lambasted this change, since the only way to keep using this simple security feature is through a paywall. Users said that no other website has charged its users to use one of its most basic security features.
To be clear, two-factor authentication is still not required to log into Twitter, although we highly encourage users to enable it. This change just restricts the 2FA methods available for accounts not subscribed to Twitter Blue.
— Twitter Support (@TwitterSupport) February 18, 2023
A cybersecurity awareness expert, Rachel Tobac, also commented on this Twitter change in a detailed thread listing the major issues with this implementation. More specifically, only 2.6% of the site's users have enabled 2FA, and 74.4% of these users rely on SMS/text messaging as the authentication method. She states that locking essential security features behind a paywall, especially the one most used and understood by those who have 2FA enabled, is a poor move. Tobac adds that automatically removing access to these features for those users will allow for a greater hacking risk in the future once March rolls around.
Coupling essential security features with the requirement to pay, esp for the most used option of SMS 2FA, is not the right move.
— Rachel Tobac (@RachelTobac) February 18, 2023
Should higher threat model folks use app-based MFA/keys? YES!
Should we require all folks to PAY or lose out on the 2FA they already enrolled in? No
Is it the dream of every security professional that we get folks enrolled in strong MFA? Yes!
— Rachel Tobac (@RachelTobac) February 18, 2023
Do we hope they use app-based MFA at a minimum or keys? We would love that!
Is de-enrolling those who use SMS 2FA unless they pay the right way to educate & improve security? It's not.
Other users were vocal about this controversial Twitter policy, many theorizing that Musk is getting "desperate" for users to join the Twitter Blue subscription service as a method to offset the massive losses he's suffered since buying Twitter.
Source: https://gamerant.com/twitter-2fa-text-message-sms/