Your Twitter Account May Be Vulnerable Now that 2FA is Gone.
By Kai Quizon
Elon Musk just turned off Two-Factor Authentication for nearly 368 million users. Were you affected?
Twitter Top Bird Elon Musk announced recently that the company will be limiting SMS-based two-factor authentication to premium Twitter Blue subscribers beginning March 20th. It comes on the heels of the realization that Twitter is losing millions a day and may be facing bankruptcy if it cannot trim the fat.
Profits Over Security
SMS-based Two Factor Authentication functions by sending a text message to a user with either a link or code to input. Users then click the link or input the code as an additional form of secure log-in. However, there is a hidden cost to this message: the SMS message itself. While end users almost never experience this in the modern phone world, SMS messages do have a per-text fee! Twitter is currently fronting these costs for the SMS-based Two Factor Authentication.
Musk has decided that this cost is not worth the additional security provided to many of its 368 million active monthly users and has decreed that profits trump account security at today’s Twitter.
Actually Secure?
Then Musk added a surprisingly counterintuitive twist to the entire debacle: authentication apps will continue to remain free.
Moreover, Musk claims that the authentication apps are much more secure than SMS (which holds true, as SMS SIM card scams are common and lead to account vulnerabilities). One must question the business decision here, however: premium Twitter Blue subscribers will continue to have free access to an authentication service with known vulnerabilities that the boss openly admits is less secure? Perhaps it would have been better to simply discontinue SMS-based two factor authentication and migrate all users to authentication apps.
So What Should Users Do?
To best secure your Twitter account, remain enrolled in two factor authentication. Two factor authentication stops the modern hacker’s most common tool: the brute force attack. Even if an intruder manages to guess your username and password combo, they will not gain access to your account. To use the most secure two factor authentication, convert to an authentication app or use a security key. These apps, such as Okta Verify, allow you to continue using Two Factor Authentication without the vulnerabilities of SMS.
Security keys can be even more secure when used properly. Security keys are physical devices that must be plugged into your computer to log in to the site.
How to Migrate to Authentication Apps or Security Keys
Navigate to the security and account access tab of Twitter Settings.
Then click on Security and select Two-factor authentication.
Finally, select either Authentication App or Security Key and follow the provided prompts to secure your account!