In February 2023, a bombshell announcement shook the Twitter world. In a move designed to encourage users to upgrade to its premium Twitter Blue account, Twitter announced that effective March 20, two-factor authentication (2FA) through text message would be removed for non-paying customers. This raised several security concerns – the most immediate being that the only barrier to entry of these accounts would soon be a single, easily guessable password.
Two-factor authentication is a security feature whereby users are required to validate a login attempt with something they possess (typically a code sent via SMS text message) and something they know (the password). It’s designed to add an extra layer of security to users’ accounts and protect against hackers who may have obtained their username and password. Without 2FA, a hacker who manages to get access to the user’s credentials will be able to immediately log in and take control of that account, which is obviously a major security risk.
However, by removing 2FA from non-paying accounts, Twitter has taken away an important layer of security from millions of users. While the company may point to their subscription-based features as reasons to upgrade, this misses the point of why users prioritize their security. Twitter should be ensuring that all of its users, regardless of their payment status, have access to optimal security settings, not making it a privilege for those who can pay.
Another issue is that even with 2FA enabled, SMS text message authentication still isn’t all that secure. Text messages can be intercepted, meaning that a savvy hacker could intercept the text message code and gain access to the user’s account in a matter of seconds. The best way to ensure optimal security is to replace the SMS codes with a dedicated two-factor authentication app, like the Google Authenticator or the app provided by Authy. Not only do they make it much harder for a hacker to get access, they also provide an extra layer of security in the case of a SIM swap attack.
While Twitter may be trying to push users to upgrade to its premium offering by dangling extra features in front of them, its lack of consideration for user’s security is unacceptable. If Twitter wants to offer a premium offering and entice users to upgrade, it should do so by providingincreased security for those users, not degrading security for all users by removing the most basic of security features.
At the end of the day, it’s up to the user to decide how secure they want their account to be. For those users who don’t want to pay for Twitter Blue, the best option is to use a two-factor authentication app, like Google Authenticator or Authy. There are also other options such as using a hardware token or a Biometric option. These will provide an extra layer of security which will make it much harder for hackers to access the account, and should be considered as an alternative to premium accounts.
In a world where cyberattacks are becoming more and more sophisticated and hackers are constantly searching for new ways to infiltrate users accounts, it’s essential that users take all possible steps to safeguard their accounts. By removing SMS text message two-factor authentication and making it a premium feature, Twitter is inadvertently risking the security of its customers and is recommending users downgrade their security for the sake of money.
It’s understandable that Twitter wants to push users to upgrade to its premium offering, but doing so at the expense of user’s security is a huge mistake. If Twitter wants to encourage customers to upgrade, it can do so by providing additional features and allowing those customers to opt-in to more secure authentication, not degrading their security overall.
Protecting yourself from hackers should be a top priority for all Twitter users, whether they are paying customers or not. While two-factor authentication is an important security feature, it doesn’t guarantee total security, and users should supplement this with other forms of authentication such as using a hardware token or a biometric method. Doing so will ensure that even if hackers manage to get access to your username and password, they won’t be able to penetrate your account. Ultimately, it’s up to each user to determine how they want to protect themselves.
In the wake of Twitter’s shift toward charging for text message-based two-factor authentication, it’s evident that the company has placed its profits ahead of user safety. It’s understandable why Twitter would want to incentivize users to upgrade to its premium offering, but it should not do so by removing features that are essential for account security. Twitter users should take it upon themselves to protect their accounts by setting up extra layers of security, such as two-factor authentication through a dedicated authenticator app, which will provide them with improved protection and make it much harder for hackers to access their accounts.
