Twitter users without a subscription will no longer be able to secure their login via SMS. While the community suspects that the news service wants to use it to advance its payment model, owner Musk gives a different reason.
In the future, Twitter will only allow paying subscribers to use text messages on their mobile phones (SMS) to secure their accounts. This was announced by Twitter in a blog entry. Unfortunately, it was found that the account security via SMS and the associated telephone numbers had been used - and abused - by malicious actors. "As a result, starting today, we will no longer allow accounts to sign up for the SMS method of 2FA (two-factor authentication) unless they are Twitter Blue subscribers."
However, Twitter users still have the option to use an authenticator app or security key to secure the account. The change was not well received by the Twitter community. Many users suspected that the change was just an attempt by Elon Musk to promote the switch to the Twitter Blue subscription.
Twitter owner Musk indirectly justified the change in the guidelines by accusing unspecified telecommunications companies of abusing the SMS system. He confirmed a report that these companies had used robot accounts to boost 2FA SMS sending. Twitter has to bear the costs for the SMS. You lose $60 million a year to fraudulent text messages. In a tweet, Musk confirmed these statements with a short "yup".
However, security experts can also see something positive in the elimination of the SMS method for two-factor authentication. Among the various 2FA methods, SMS is the weakest method. Frank Rieger, spokesman for the Chaos Computer Club, explained that Twitter's motive for only allowing paying users to use SMS-based two-factor authentication was obviously of a financial nature: "SMS costs money". "But in the end, it can actually improve security by pushing users towards better authentication methods." Attacks on the SMS method are real.
