Twitter in February 2023 announced that text message two-factor authentication (2FA) is set to become a premium feature for Twitter Blue accounts. Here's why the company's logic behind the decision doesn't make any sense from a security perspective, and why you don't need the feature anyway.

Twitter Feature
Twitter has said that it will soon be removing text message-based 2FA from non-paying accounts and turning it into a feature that will only be available to subscribers of its premium Twitter Blue offering, which costs $8 per month. This means that any users who don't pay for a Blue subscription and rely on Twitter to send them an SMS text message code to complete the login process will have the feature turned off and removed from their accounts by March 20. Their account password will become the only barrier to access.

Aside from purely financial reasons (presumably it costs Twitter to send you a text), making text-based 2FA a paid-for perk is an odd decision on Twitter's part.

Twitter has justified the policy change by saying, rightly, that SMS 2FA can be abused by bad actors. And there have indeed been "SIM swap attacks" where hackers convinced cell providers to assign a victim's phone number to a device they control, and by taking control of a person's phone number, the hacker can impersonate the victim, as well as receive text message codes to their account. But making SMS 2FA available only to Twitter Blue subscribers simply makes them more susceptible to attacks of this nature.

Twitter says that it is "committed to keeping people safe and secure on Twitter," and it's true that SMS 2FA is better than no 2FA at all, but its policy does nothing to encourage users to switch to a more secure form of 2FA – perhaps because doing so means paying Twitter absolutely nothing.

Switching to App-Based 2FA is the Solution

Rather than rely on SMS-based 2FA, Twitter users should be using a mobile authentication app, like Duo, Authy, or Google Authenticator, or the password authenticator built-in to iOS. App-based 2FA is a far more secure alternative, as it never leaves your device and doesn't involve you receiving a code sent to your phone via text message.

To use this method to secure your Twitter account, first ensure that you have your authenticator app of choice installed on your iPhone. Then follow these steps:

  1. Launch the Twitter app or log in to the Twitter website.
  2. Go to your account's Settings and privacy, found in the Settings and Support dropdown menu.
  3. Select Security and account access -> Security.
  4. Select Two-factor authentication.
  5. Check the mark next to Authentication app.
  6. Follow the prompts, entering your account password when requested.

twitter 2fa

When you've completed the above steps, you should be able to log in to your Twitter account using your password, accompanied by a code generated by your authenticator app. Just be sure to keep a backup of your codes – if you don't have one and you lose your phone, you'll find it a lot harder to access your 2FA accounts.

Tag: Twitter

Top Rated Comments

contacos Avatar
contacos
19 months ago
I kept mine secure by deleting it. You should try it sometime. It’s also great for one’s mental health (sounds more serious than it is). I used to engage with strangers, which always put me in a bad mood afterwards. Now that I deleted it, I am like why did I care what strangers were thinking! So silly
Score: 36 Votes (Like | Disagree)
senttoschool Avatar
senttoschool
19 months ago

I kept mine secure by deleting it. You should try it sometime. It’s also great for one’s mental health (sounds more serious than it is). I used to engage with strangers, which always put me in a bad mood afterwards. Now that I deleted it, I am like why did I care what strangers were thinking! So silly
Now you spend that time engaging with strangers on Macrumors.
Score: 18 Votes (Like | Disagree)
marcinsf Avatar
marcinsf
19 months ago
much easier solution - don't use twitter.
It's free and doesn't cost anything to not use twitter :)
Score: 11 Votes (Like | Disagree)
judgeFire Avatar
judgeFire
19 months ago
In recent OS releases, the Settings > Passwords options include setting up Keychain based 2FA without the need for a third party app. It can also pop up the code when required, if it senses the field in question is for that. The SMS autofill is more consistent, tho
Score: 10 Votes (Like | Disagree)
adammusic Avatar
adammusic
19 months ago
I feel like nobody knows about iOS built in 2fa.
Score: 9 Votes (Like | Disagree)
andrewxgx Avatar
andrewxgx
19 months ago
the fact that twitter is looking at cutting cost of sending auth SMSes is telling you a lot of how bad things are up there
they basically look for spare change between couch cushions
Score: 7 Votes (Like | Disagree)
Read All Comments

Popular Stories

iPhone SE 4 Vertical Camera Feature

iPhone SE 4 Rumored to Use Same Rear Chassis as iPhone 16

Friday July 19, 2024 7:16 am PDT by
Apple will adopt the same rear chassis manufacturing process for the iPhone SE 4 that it is using for the upcoming standard iPhone 16, claims a new rumor coming out of China. According to the Weibo-based leaker "Fixed Focus Digital," the backplate manufacturing process for the iPhone SE 4 is "exactly the same" as the standard model in Apple's upcoming iPhone 16 lineup, which is expected to...
Read Full Article136 comments
iPhone 16 Pro Sizes Feature

iPhone 16 Series Is Just Two Months Away: Everything We Know

Monday July 15, 2024 4:44 am PDT by
Apple typically releases its new iPhone series around mid-September, which means we are about two months out from the launch of the iPhone 16. Like the iPhone 15 series, this year's lineup is expected to stick with four models – iPhone 16, iPhone 16 Plus, iPhone 16 Pro, and iPhone 16 Pro Max – although there are plenty of design differences and new features to take into account. To bring ...
Read Full Article129 comments
bsod

Crowdstrike Says Global IT Outage Impacting Windows PCs, But Mac and Linux Hosts Not Affected

Friday July 19, 2024 3:12 am PDT by
A widespread system failure is currently affecting numerous Windows devices globally, causing critical boot failures across various industries, including banks, rail networks, airlines, retailers, broadcasters, healthcare, and many more sectors. The issue, manifesting as a Blue Screen of Death (BSOD), is preventing computers from starting up properly and forcing them into continuous recovery...
Read Full Article492 comments
iphone 14 lineup

Cellebrite Unable to Unlock iPhones on iOS 17.4 or Later, Leak Reveals

Thursday July 18, 2024 4:18 am PDT by
Israel-based mobile forensics company Cellebrite is unable to unlock iPhones running iOS 17.4 or later, according to leaked documents verified by 404 Media. The documents provide a rare glimpse into the capabilities of the company's mobile forensics tools and highlight the ongoing security improvements in Apple's latest devices. The leaked "Cellebrite iOS Support Matrix" obtained by 404 Media...
Read Full Article66 comments
Apple Watch Series 9

2024 Apple Watch Lineup: Key Changes We're Expecting

Tuesday July 16, 2024 7:59 am PDT by
Apple is seemingly planning a rework of the Apple Watch lineup for 2024, according to a range of reports from over the past year. Here's everything we know so far. Apple is expected to continue to offer three different Apple Watch models in five casing sizes, but the various display sizes will allegedly grow by up to 12% and the casings will get taller. Based on all of the latest rumors,...
Read Full Article38 comments
tinypod apple watch

TinyPod Turns Your Apple Watch Into an iPod

Wednesday July 17, 2024 3:18 pm PDT by
If you have an old Apple Watch and you're not sure what to do with it, a new product called TinyPod might be the answer. Priced at $79, the TinyPod is a silicone case with a built-in scroll wheel that houses the Apple Watch chassis. When an Apple Watch is placed inside the TinyPod, the click wheel on the case is able to be used to scroll through the Apple Watch interface. The feature works...
Read Full Article133 comments