Twitter in February 2023 announced that text message two-factor authentication (2FA) is set to become a premium feature for Twitter Blue accounts. Here's why the company's logic behind the decision doesn't make any sense from a security perspective, and why you don't need the feature anyway.

Twitter Feature
Twitter has said that it will soon be removing text message-based 2FA from non-paying accounts and turning it into a feature that will only be available to subscribers of its premium Twitter Blue offering, which costs $8 per month. This means that any users who don't pay for a Blue subscription and rely on Twitter to send them an SMS text message code to complete the login process will have the feature turned off and removed from their accounts by March 20. Their account password will become the only barrier to access.

Aside from purely financial reasons (presumably it costs Twitter to send you a text), making text-based 2FA a paid-for perk is an odd decision on Twitter's part.

Twitter has justified the policy change by saying, rightly, that SMS 2FA can be abused by bad actors. And there have indeed been "SIM swap attacks" where hackers convinced cell providers to assign a victim's phone number to a device they control, and by taking control of a person's phone number, the hacker can impersonate the victim, as well as receive text message codes to their account. But making SMS 2FA available only to Twitter Blue subscribers simply makes them more susceptible to attacks of this nature.

Twitter says that it is "committed to keeping people safe and secure on Twitter," and it's true that SMS 2FA is better than no 2FA at all, but its policy does nothing to encourage users to switch to a more secure form of 2FA – perhaps because doing so means paying Twitter absolutely nothing.

Switching to App-Based 2FA is the Solution

Rather than rely on SMS-based 2FA, Twitter users should be using a mobile authentication app, like Duo, Authy, or Google Authenticator, or the password authenticator built-in to iOS. App-based 2FA is a far more secure alternative, as it never leaves your device and doesn't involve you receiving a code sent to your phone via text message.

To use this method to secure your Twitter account, first ensure that you have your authenticator app of choice installed on your iPhone. Then follow these steps:

  1. Launch the Twitter app or log in to the Twitter website.
  2. Go to your account's Settings and privacy, found in the Settings and Support dropdown menu.
  3. Select Security and account access -> Security.
  4. Select Two-factor authentication.
  5. Check the mark next to Authentication app.
  6. Follow the prompts, entering your account password when requested.

twitter 2fa

When you've completed the above steps, you should be able to log in to your Twitter account using your password, accompanied by a code generated by your authenticator app. Just be sure to keep a backup of your codes – if you don't have one and you lose your phone, you'll find it a lot harder to access your 2FA accounts.

Tag: Twitter

Top Rated Comments

contacos Avatar
contacos
16 months ago
I kept mine secure by deleting it. You should try it sometime. It’s also great for one’s mental health (sounds more serious than it is). I used to engage with strangers, which always put me in a bad mood afterwards. Now that I deleted it, I am like why did I care what strangers were thinking! So silly
Score: 36 Votes (Like | Disagree)
senttoschool Avatar
senttoschool
16 months ago

I kept mine secure by deleting it. You should try it sometime. It’s also great for one’s mental health (sounds more serious than it is). I used to engage with strangers, which always put me in a bad mood afterwards. Now that I deleted it, I am like why did I care what strangers were thinking! So silly
Now you spend that time engaging with strangers on Macrumors.
Score: 18 Votes (Like | Disagree)
marcinsf Avatar
marcinsf
16 months ago
much easier solution - don't use twitter.
It's free and doesn't cost anything to not use twitter :)
Score: 11 Votes (Like | Disagree)
judgeFire Avatar
judgeFire
16 months ago
In recent OS releases, the Settings > Passwords options include setting up Keychain based 2FA without the need for a third party app. It can also pop up the code when required, if it senses the field in question is for that. The SMS autofill is more consistent, tho
Score: 10 Votes (Like | Disagree)
adammusic Avatar
adammusic
16 months ago
I feel like nobody knows about iOS built in 2fa.
Score: 9 Votes (Like | Disagree)
andrewxgx Avatar
andrewxgx
16 months ago
the fact that twitter is looking at cutting cost of sending auth SMSes is telling you a lot of how bad things are up there
they basically look for spare change between couch cushions
Score: 7 Votes (Like | Disagree)
Read All Comments

Popular Stories

iOS 18 Siri Integrated Feature

iOS 18 Rumored to Add These 10 New Features to Your iPhone

Wednesday April 24, 2024 2:05 pm PDT by
Apple is set to unveil iOS 18 during its WWDC keynote on June 10, so the software update is a little over six weeks away from being announced. Below, we recap rumored features and changes planned for the iPhone with iOS 18. iOS 18 will reportedly be the "biggest" update in the iPhone's history, with new ChatGPT-inspired generative AI features, a more customizable Home Screen, and much more....
Read Full Article
Apple Silicon AI Optimized Feature Siri

Apple Releases Open Source AI Models That Run On-Device

Wednesday April 24, 2024 3:39 pm PDT by
Apple today released several open source large language models (LLMs) that are designed to run on-device rather than through cloud servers. Called OpenELM (Open-source Efficient Language Models), the LLMs are available on the Hugging Face Hub, a community for sharing AI code. As outlined in a white paper [PDF], there are eight total OpenELM models, four of which were pre-trained using the...
Read Full Article86 comments
maxresdefault

Apple Announces 'Let Loose' Event on May 7 Amid Rumors of New iPads

Tuesday April 23, 2024 7:11 am PDT by
Apple has announced it will be holding a special event on Tuesday, May 7 at 7 a.m. Pacific Time (10 a.m. Eastern Time), with a live stream to be available on Apple.com and on YouTube as usual. The event invitation has a tagline of "Let Loose" and shows an artistic render of an Apple Pencil, suggesting that iPads will be a focus of the event. Subscribe to the MacRumors YouTube channel for more ...
Read Full Article280 comments
apple id account

Apple ID Accounts Logging Out Users and Requiring Password Reset

Saturday April 27, 2024 12:41 am PDT by
There are widespread reports of Apple users being locked out of their Apple ID overnight for no apparent reason, requiring a password reset before they can log in again. Users say the sudden inexplicable Apple ID sign-out is occurring across multiple devices. When they attempt to sign in again they are locked out of their account and asked to reset their password in order to regain access. ...
Read Full Article305 comments
macbook pro purple february

Best Buy Introduces Record Low Prices on Apple's M3 MacBook Pro for Members

Thursday April 25, 2024 7:41 am PDT by
Best Buy is discounting a collection of M3 MacBook Pro computers today, this time focusing on the 14-inch version of the laptop. Every deal in this sale requires you to have a My Best Buy Plus or Total membership, although non-members can still get solid second-best prices on these MacBook Pro models. Note: MacRumors is an affiliate partner with Best Buy. When you click a link and make a...
Read Full Article44 comments
macos sonoma feature purple green

Apple's Regular Mac Base RAM Boosts Ended When Tim Cook Took Over

Friday April 26, 2024 6:34 am PDT by
Apple used to regularly increase the base memory of its Macs up until 2011, the same year Tim Cook was appointed CEO, charts posted on Mastodon by David Schaub show. Earlier this year, Schaub generated two charts: One showing the base memory capacities of Apple's all-in-one Macs from 1984 onwards, and a second depicting Apple's consumer laptop base RAM from 1999 onwards. Both charts were...
Read Full Article399 comments