Twitter has introduced that it is limiting the usage of SMS-based two-factor authentication (2FA) to its Blue subscribers.
“While traditionally a well-liked type of 2FA, sadly we have now seen phone-number based mostly 2FA be used – and abused – by dangerous actors,” the corporate mentioned.
“We will now not enable accounts to enroll within the textual content message/SMS methodology of 2FA until they’re Twitter Blue subscribers.”
Twitter customers who haven’t subscribed to Blue which have enrolled for SMS-based 2FA have time until March 20, 2023, to modify to another methodology equivalent to an authenticator app or a {hardware} safety key.
After this cutoff date, non-Twitter Blue subscribers may have their possibility disabled.
The various strategies “require you to have bodily possession of the authentication methodology and are a good way to make sure your account is safe,” Twitter famous.
Given that SMS has been the least safe type of 2FA, the newest enforcement is more likely to drive individuals to maneuver in direction of safe types of authentication.
According to Twitter’s personal knowledge, solely 2.6% of all energetic accounts have enabled a minimum of one type of 2FA. SMS accounts for 74.4%, adopted by authenticator apps (28.9%) and safety keys (0.5%).