Twitter 2.0 continues to evolve in ways that nobody could have predicted. Mostly because they’re bad, but nevertheless, maybe there’s a method to the madness that we can’t see.
Or maybe not.
The latest update from Elon and Co. is that Twitter is switching off SMS-based two-factor authentication for all non Twitter Blue subscribers from next month.
As explained by Twitter:
“While historically a popular form of 2FA, unfortunately we have seen phone-number based 2FA be used - and abused - by bad actors. So starting today, we will no longer allow accounts to enroll in the text message/SMS method of 2FA unless they are Twitter Blue subscribers. The availability of text message 2FA for Twitter Blue may vary by country and carrier.”
That means that the most commonly used form of authentication, in order to keep your account safe from hacking, will now only be available to those willing to pay Twitter $8 per month.
Which, theoretically at least, means that Twitter can then trust that these people are actual humans, through its own verification process – though Twitter’s isn’t actually verifying the identities of people signing up for Twitter Blue. So it’s just the accounts of people that can afford, and are willing to pay.
“Non-Twitter Blue subscribers that are already enrolled will have 30 days to disable this method and enroll in another. After 20 March 2023, we will no longer permit non-Twitter Blue subscribers to use text messages as a 2FA method. At that time, accounts with text message 2FA still enabled will have it disabled.”
So no more secondary protection on your account – instead, you’ll have to use an authentication app or security key instead. Both of which are less convenient. But Twitter seems to believe that bad actors are too easily able to abuse the current process. So it’s cutting them off, along with the many millions of people who aren’t misusing it.
Which seems like a pathway to more account hacks, and more issues with people losing access, which, overall, doesn’t seem to be a great direction for Twitter’s growth plans.
Another consideration is that maybe this will just push more people to pay for Twitter Blue, and bring in more revenue for Twitter.
And again, ostensibly, Twitter Blue is a form of verification, at least in Twitter’s eyes. So maybe, Twitter’s view is that if it can force more people to pay, that will make it more of a security element, and help to weed out bots who won’t pay the monthly fee.
But overall, it seems like a short-sighted approach, which will lead to more harm than good. Anyone who controls a brand handle will now have to consider alternative security options, and anyone who values their Twitter account at all will likely also need to re-think their approach.
But will that get more people to sign-up for Twitter Blue? Maybe. I still don’t imagine that many brands will be looking to fork out $1000 per month for Twitter’s upcoming Verification for Organizations, but maybe, by making 2FA a Blue exclusive, more individuals will.
If they can afford it.
The largest percentage of Twitter’s users are US based, but Twitter also has 24 million users in India, 19 million in Brazil, and 19 million in Indonesia, all of which are considered developing economies.
Will people in these regions be able to afford the extra cost? And that’s also if they can sign-up, as Twitter Blue isn’t available in all regions as yet.
Then again, Twitter obviously sees cause for concern, and you would assume that they believe that removing this option will help to reduce the impact of spammers and scammers in the app.
It could be a big price to pay. Hopefully it’s worth it.
UPDATE: Elon Musk says that the change is a cost-saving measure, with SMS messages for verification costing Twitter $60 million per year. Musk says that other 2FA methods are also more secure.