Four hours ago, Platformer’s Zoe Schiffer tweeted a scoop: Twitter would begin charging for SMS two-factor authentication.
Now, it’s official: You have to pay for the privilege of using Twitter’s worst form of authentication. In fact, if you don’t start paying for Twitter Blue ($8 a month on Android; $11 a month on iOS) or switch your account to use a far more reliable authenticator app or physical security key, Twitter will simply turn off your 2FA after March 20th.
I know which one I would choose.
Good riddance to SMS is my feeling, given how common SIM swap hacks are these days. Heck, Twitter’s own Jack Dorsey was successfully targeted by the technique four years ago. You don’t want someone to get access to your accounts by proving they are you simply because they’ve stolen your phone number.
That’s how Twitter is trying to justify this change, too, but I wouldn’t be surprised if there’s a simpler reason: it costs money to send SMS messages, and Twitter does not have a lot of money right now. The company had been phasing out SMS even before Elon Musk took over.
Update, 10:22PM ET: As Rachel Tobac points out, Twitter’s own transparency data shows that as of December 2021, only 2.6 percent of Twitter users had 2FA turned, and 74 percent of those users were using SMS as their 2FA method.