Saturday, July 20, 2024

Twitter discontinues text message two-factor authentication for non-Blue subscribers

In a controversioal move, twitter has recently announced that it is discontinuing the use of text message two-factor authentication for all users, except for those who subscribe to Twitter Blue. This means that users who have relied on SMS-based two-factor authentication to protect their accounts will now need to switch to an authentication app in order to continue accessing their Twitter accounts.

The decision to remove text message two-factor authentication has been made with the aim of improving the overall security of the platform, as SMS-based authentication is considered to be less secure than other methods such as authentication apps or security keys.

Twitter has urged users who currently have text message two-factor authentication enabled to remove it by March 19, 2023, or risk losing access to their accounts. However, the company has assured users that the process of switching to an authentication app is a simple and quick one.

It is important to note that users will still be able to use other two-factor authentication methods, such as authentication apps or security keys, to protect their Twitter accounts. The removal of text message two-factor authentication does not affect these methods.

What is more Secure Text message 2fa or Application 2FA

When it comes to security, authentication apps are generally considered to be more secure than text message two-factor authentication. This is because text messages can be intercepted or redirected, leaving accounts vulnerable to unauthorized access. In contrast, authentication apps use a time-based code that is generated locally on the user’s device, making it more difficult for malicious actors to intercept or gain access to the code. As a result, Twitter’s decision to discontinue text message two-factor authentication in favor of authentication apps is a positive step towards improving the overall security of the platform.

Recommended:  Mandiant Allegedley Hit by Ransomware Attack

While some Twitter users have expressed concern about the added expense of subscribing to Twitter Blue in order to retain access to text message two-factor authentication, it is important to note that authentication apps are typically free and widely available on both iOS and Android devices.

According to a blog post by twitter:
“While historically a popular form of 2FA, unfortunately we have seen phone-number based 2FA be used – and abused – by bad actors. So starting today, we will no longer allow accounts to enroll in the text message/SMS method of 2FA unless they are Twitter Blue subscribers. The availability of text message 2FA for Twitter Blue may vary by country and carrier.”


Twitter’s decision to remove text message two-factor authentication is a positive step towards improving the security of the platform. Users who have relied on this method of authentication are strongly advised to switch to an authentication app in order to avoid losing access to their accounts. By doing so, they can rest assured that their accounts are protected by a more secure and reliable method of authentication.

Suggest an edit to this article

Check out our new Discord Cyber Awareness Server. Stay informed with CVE Alerts, Cybersecurity News & More!

Cybersecurity Knowledge Base


Remember, CyberSecurity Starts With You!

  • Globally, 30,000 websites are hacked daily.
  • 64% of companies worldwide have experienced at least one form of a cyber attack.
  • There were 20M breached records in March 2021.
  • In 2020, ransomware cases grew by 150%.
  • Email is responsible for around 94% of all malware.
  • Every 39 seconds, there is a new attack somewhere on the web.
  • An average of around 24,000 malicious mobile apps are blocked daily on the internet.
Recommended:  Brute-Forcing Two-Factor Authentication | Exploiting Authentication and Access Control Mechanisms with Burp Suite [FREE COURSE CONTENT]
Share the word, let's increase Cybersecurity Awareness as we know it
- Sponsored -

Sponsored Offer

Unleash the Power of the Cloud: Grab $200 Credit for 60 Days on DigitalOcean!

Digital ocean free 200

Discover more infosec

User Avatar
Steven Black (n0tst3)
Hello! I'm Steve, an independent security researcher, and analyst from Scotland, UK. I've had an avid interest in Computers, Technology and Security since my early teens. 20 years on, and, it's a whole lot more complicated... I've assisted Governments, Individuals and Organizations throughout the world. Including; US DOJ, NHS UK, GOV UK. I'll often reblog infosec-related articles that I find interesting. On the RiSec website, You'll also find a variety of write-ups, tutorials and much more!

more infosec reads

Subscribe for weekly updates