Beginning on May 28 and running through June 4, Twitter is limiting SMS-based 2FA to Twitter Blue members.
The website indicates that this move done to prevent spam. And reduce email and phone call fraud, but does not mention the impacts on non-Blue members. If your account was create before the date, it will be protect according to the previous 2FA system. Given that Twitter has lessened its focus on non-Blue users – as evidenced by this change (where only blue users would receive SMS-based verification). We believe that this is a strategic action by the company, not a bug or oversight.
Non-Twitter Blue accounts that fail to switch to two-factor authentication. After March 20 or use an invalid security key will have their two-factor authentication disabled.
Effective March 20, Twitter will no longer allow people to use SMS-based two-factor authentication (2FA), unless they subscribe to Twitter Blue. To continue receiving SMS support, you’ll need an account with a current address in their records. You can – much like with 2FA via email or text messages – use a Google Voice number as an authenticator:
If you’re a Twitter user and haven’t set up 2FA yet, there’s only a couple of days to get it done. Those who are not enroll in Twitter Blue can still use an authenticator app or a security key for 2FA. But if they’re currently using SMS to authenticate their accounts, they only have 30 days to make the switch.
Here’s the deal: on March 20, 2023, non-Twitter Blue subscribers will no longer be able to use text messages as a 2FA method. And accounts with text message 2FA enabled will become inactive.
Text-based 2FA is consider the least effective form of 2FA. Hackers have tricked cellular providers into cloning a victim’s mobile phone number to a new SIM card. Which they put in their own phones to intercept an SMS 2FA code. But getting people to adopt multi-factor authentication has been an uphill battle for many services. And a text-based code is better than nothing.