Double authentication systems are essential to ensure the security of online accounts. Thanks to them, if hackers get hold of our passwords, they will not be able to log in as they do not have the random key that we should receive on our mobile phone.
Twitter has allowed this double authentication system for many years now. We currently had two ways of using it: through SMS, the option most chosen by users, and through a third-party system such as Google Authenticator. As of today, the conditions for using these security measures have changed.
Double SMS authentication for paid users only
This same weekend Musk has announced that SMS double authentication systems become a paid feature only available to Twitter Blue users. This means that, if we want to be able to receive the access code by SMS, we will have to pay our subscription to the social network.
This change takes effect on March 20, so Twitter users who use this function and are not Blue have a month to change their settings and switch to the other double authentication system if they do not want to be left without account access. .
70% of users who use double authentication systems, 2FA, on Twitter use the SMS method. And, as Elon Musk assures in a recent message, the false login SMS are generating losses for the company of 60 million dollars annually. Although it will be a few million less…
@MKBHD Twitter is getting scammed by phone companies for $60M/year of fake 2FA SMS messages
February 18, 2023 • 18:27
This change is good news for non-paying users
So why is this good news? Double authentication by SMS is not only more inconvenient, since it forces us to have coverage to receive an SMS, but it is insecure. There are very simple techniques, such as SIM swapping, which can allow a hacker to take control of the SIM, receive SMS on your behalf, and log in to the social network.
Instead, the alternative, which is use Google Authenticator, it is much simpler and safer. Through an app, such as Google’s own, Microsoft Authenticator, or Authy, we register the device and generate the codes from the mobile phone, whether or not we have coverage or Internet. These systems, unless our mobile is stolen, are impossible to break, so our security is much better.
In addition, Twitter Free users will also be able to use another even more secure security measure: security keys. In this way, we can use devices such as Google Titan or Yubikey as double authentication systems to log in to these social networks.
Obviously, Elon Musk had two clear intentions when removing this feature: save money and force users to make their accounts more secure. And if you want insecurity, at least you’ll pay for Twitter Blue.