Free SMS two-factor authentication is ending on Twitter. But there are other free options to secure your account.
Twitter recently shocked many of its users by announcing it will begin charging for text-message two-factor authentication (2FA).
From today (March 20), users who wish to continue using text-message 2FA will need to have subscribed to Twitter Blue’s $8 (€8) monthly subscription. The paywall might discourage many from taking this extra security step, and could put accounts at risk.
When it announced its decision last month, Twitter encouraged non-subscribers to opt for other 2FA methods.
The company said that while it had been historically popular, 2FA based on phone numbers had been “used - and abused - by bad actors”. In a tweet, the platform’s owner and CEO Elon Musk also claimed that “Twitter is getting scammed by phone companies for $60M/year of fake 2FA SMS messages”.
Why is 2FA important?
Two-factor authentication is a security method that helps check the user's identity beyond passwords. Common methods include texting users a code or using an authenticator app.
It is important to note that the Twitter 2FA security check will still be free and accessible to all users, however receiving the code in a text message won’t.
While not all users will be willing to pay for a 2FA text message, it is still important to use something rather than nothing. From external apps to hardware, there are easy ways of adding that extra layer of security to your Twitter account for free.
For instance, authentication apps such as Google Authenticator or Microsoft Authenticator generate one-time passcodes that can be used as the second factor in two-factor authentication.
These apps are even considered more secure than SMS authentication because they do not rely on text messages. Instead, the one-time passwords they generate change after a short period of time and are only found in the app, not in an SMS, making them more difficult for hackers to intercept.
Another option is to use security keys such as YubiKey or Google Titan, which are small hardware devices that provide a secure second authentication factor.
While security keys do require a physical key that needs to be inserted into your device to authenticate, they are considered one of the most secure forms of two-factor authentication.
Backup codes are also another great option to consider, specifically in case you lose access to your phone or other authentication methods.
Twitter allows you to generate backup codes that you can use as a second authentication factor. These codes can either be printed or saved in a secure place and used to sign in to your account.
How do I change my 2FA settings?
Changing your Twitter 2FA settings is easy. First, go to the settings page on the app or website and select “security and account access”. From there, select “security” then “two-factor authentication” and the method you prefer to start setting it up.
Although choosing a strong and unique password is the most important way to secure your Twitter account, enabling two-factor authentication is a crucial step to add that extra layer of security.
While SMS two-factor authentication is a common option, it's not always the most secure, and considering other free alternatives can offer better protection for your account.