Let's Talk

Twitter Puts 2FA Via Text Message Behind the Paywall – Social Factor Alert

In a blog post and tweet to their @TwitterSupport account, Twitter announced that two-factor authentication (2FA) would change for all users on March 20, 2023. After this date, any users NOT subscribed to Twitter Blue will no longer be able to use SMS to authenticate their login, and will be forced to use an authentication code app (such as Google Authenticator), or a physical security key (such as Yubico’s YubiKey). 

Two-factor authentication as a security practice requires users to provide extra proof of their identity to log into an account, and Cybersecurity experts classify these extra forms of ID into three categories: something you are (like your fingerprint), something you know (like an answer to a question), and something you have (like a phone that can receive SMS/text messages). 

Twitter stated this change was due to SMS-based 2FA “being used – and abused – by bad actors.” This seems to agree with a 2021 report from Twitter’s Transparency team, noting “SMS-based 2FA is the least secure [authentication method]”. (The same report stated that nearly 75% of accounts with 2FA enabled were using SMS as their secondary key.) Following the 2FA announcement, multiple critics noted that this was likely motivated by costs, as SMS verification fees through services like Twilio can cost as much as $0.05 per verification (plus carrier fees)

Action Items for Brands

  • SMS has long been the preferred 2FA for Brands with distributed social teams and/or agency partners. They will now have to pay for Twitter Blue, or change team processes.
  • We highly recommend moving away from SMS-based 2FA, due to known flaws and potential attacks. This change makes it all the more important to migrate access to social management software (like Sprinklr) or a secure password vault (like Bitwarden). 
  • This change will inevitably lead to more Twitter account hack attempts, which will be more successful as many users won’t migrate their 2FA. The threat to brand Twitter accounts will increase as well, and preparing your security before the effective date is now critical.

Other Topics

Social Media

Social Care

Marketing

Digital Strategy

Leadership

\ AI/Tech

Related Blogs

people gathering and speaking to each other

From Coachella to Toyota: How Fort Worth’s Social Factor Is Rocking ‘Human Connection’

ceremony for an award - inc 5000

Social Factor Earns Ranking on 2023 Inc. 5000 list

award ceremony inc 5000

These fast-growing Dallas-Fort Worth companies earned spots on the 2023 Inc. 5000 list

social factor inc 5000 list

Social Factor Named by Inc. As One of the Fastest-Growing Private Companies in the Southwest

social media giveaway on screen of a laptop

How to Run a Social Media Giveaway: Examples, FAQs + More

community manager at work

Community Management + Social Media: Everything You Need to Know

brand ambassador for jaritos

Creating a Successful Brand Ambassador Program in 7 Easy Steps

Get Ready: Employees Can (and Will) Call Out Bad Bosses on Social Media – Social Factor Alert

Dear Brands, My Disability Shouldn’t Be a Meme – Social Factor Alert

How Netflix Broke the Internet (and NOT in a Good Way) – Social Factor Alert

Services

listening analytics

moderation

channel-strategy operations

governance security

workflow design

Solutions

social business diagnostic

the engagement lab

Resources

Blog

Case Studies

Agency

About

Careers

© 2023 Social Factor All Rights Reserved.

Privacy Policy