Security checks via SMS will soon only be available to Twitter Blue customers.
San Francisco. Twitter will now only allow paying subscribers to use text messages (SMS) to secure their accounts. Twitter announced this in a blog post on Friday.
Unfortunately, the company said, it had found that account security via SMS and the associated telephone numbers had been used, and abused, by malicious actors. “That’s why, starting today, we will no longer allow accounts to sign up for the SMS method of 2FA (two-factor authentication), unless they are subscribers of Twitter Blue.”
However, Twitter users still have the option of using an authentication app or a security key to secure the account. The change was not well received in the Twitter community. Many users suspected that the change was just an attempt by Elon Musk to promote the switch to the Twitter Blue paid subscription.
Twitter owner Musk indirectly justified the policy change by accusing unspecified telecommunications companies of abusing the SMS system. He confirmed a report that these companies had used bot accounts to inflate the volume of 2FA SMS messages sent. Twitter has to bear the cost of these messages.
According to the report, Twitter loses $60 million a year through fraudulent SMS. In a tweet, Musk confirmed these statements with a short “yup”.
On Saturday, however, security experts also saw something positive in the elimination of the SMS method for two-factor authentication. Among the various 2FA procedures, SMS is the weakest method. Frank Rieger, spokesman for the Chaos Computer Club, explained that Twitter’s motive for letting only paying users use SMS-based two-factor authentication is obviously financial: “SMS costs money.”
“But in the end, it can actually improve security by pushing users to better authentication methods.” Attacks on the SMS method are real.