Twitter is ending free two-factor authentication via SMS. So what can you use instead?
This weekend, Twitter announced that starting March 20, non-Twitter Blue subscribers will have their two-factor authentication via SMS disabled.
Twitter advised users to use third-party apps or a security key instead, but for the overwhelming majority (74.4%) of the 2.6% of active Twitter users who use SMS as a method of authentication, it means they have a month to change, or potentially lose protection.
So what is two-factor authentication and what should you do to secure your social media account?
What is two-factor authentication?
Two-factor authentication (2fa) is a second step, after you've logged into an online account with a password, to prove you are who you say you are. This is an extra layer of security, so if your password is compromised, it will be slightly harder for someone to access your account.
For authentication apps and two-factor authentication via SMS, you receive a series of numbers that you must then enter on the website.
Most online services such as social media platforms, banks, and those used in workplaces require or strongly recommend users to use 2fa on their accounts.
Why is Twitter abandoning SMS-based 2fa?
Twitter claims SMS 2fa has been “used and abused by bad actors”. Company owner Elon Musk says the abuse costs Twitter about $60 million a year.
While the company is correct that SMS authentication isn’t the best, it’s not widely seen as a lucrative business for those who misuse it.
Why are other apps better than SMS for authentication?
While no method is foolproof, texting is much easier to compromise.
People can use what is called SIM-jacking or SIM-swapping to take over your mobile phone number, which can then be used to access your account. This is done by convincing or forcing a telecommunications company to transfer your mobile phone number to a new SIM card.
Some countries, including Australia, have introduced rules requiring telecommunications companies to properly verify a person’s identity before allowing them to port a mobile number to a new provider.
If I want a second layer of security on my Twitter account, what other options do I have?
One option is to use a third-party authenticator for 2fa, rather than Twitter’s own service. Google Authenticator is the most prominent third-party application used for 2fa. However, password manager apps, including the one built into Apple’s iOS, now offer to also act as authenticators for Twitter and other sites.
When you set up 2fa through the Twitter app on your mobile, it will ask which method you want to authenticate with.
Another option is to use a dongle, which is a USB stick that you can insert into your computer and can be used to authenticate you when logging into websites. While most are USB-C or USB-based, some can connect wirelessly or through Apple’s Lightning port. It’s a hardware option if you’d rather not use an authenticator app.
What should I switch to?
Use what you feel most comfortable with. If you already use a password manager and this app also offers 2fa, it makes sense to keep using what you know.
Whatever you use, make sure you're entering the code on the right site, and never give the code to anyone over the phone. Although the code is only valid for a short window, someone trying to get hold of your code and take over your account can still do so if they work fast enough.