Zoe Schiffer of Platformer tweeted a breaking news story last night that Twitter would be implementing charges for SMS-based two-factor authentication (2FA). This has now been confirmed by Twitter itself through an official announcement.
Users will now be required to pay for Twitter’s basic secure authentication method. If you do not upgrade to Twitter Blue (which costs $8 per month on Android and $11 per month on iOS) or switch to a more dependable authenticator app or physical security key, your 2FA authentication will be disabled by Twitter after March 20th.
Most people may just get rid of SMS as a means of authentication as a result, considering the prevalence of SIM swap hacks these days. Even Twitter’s former CEO, Jack Dorsey, fell victim to this technique four years ago. The last thing you want is for someone to gain access to your accounts simply because they’ve stolen your phone number and can pose as you.
While Twitter is using this justification for the change, it wouldn’t be surprising if there is a more straightforward reason for it: sending SMS messages costs money, and Twitter is currently facing financial challenges. In fact, the company had been gradually phasing out SMS even before Elon Musk became involved.
Cyber security expert Rachel Tobac highlights that according to Twitter’s transparency data from December 2021, only 2.6% of Twitter users had enabled 2FA, and of those users, 74% relied on SMS as their preferred authentication method.