Date: 2023-02-19



A Twitter account login/signup screen displayed on a laptop computer on April 27, 2021 in Orlando, Florida. A proposed security change for Twitter users who don't pay a monthly fee has angered many platform users.

Only users who pay a monthly fee for Twitter’s subscription service will be able to use text message authentication to keep their accounts secure, the social media company said.

Twitter does not require two-factor authentication, but it is a proven and easy way to keep an account safe. With it enabled, someone who wants to hack the account needs both the password and access to the account owner’s device.

Twitter Blue is $11/month for Android and iOS in the US and $8/month for web users. Users have to sign up for 30 days. If you don’t sign up, SMS-based two-factor authentication (2FA) is automatically turned off.

The announced changes to the platform are the latest in a string of decisions that have caused serious disruption to the social media company following last year’s acquisition by Elon Musk.

Twitter says the reason for the move is that phone number-based two-factor authentication is being “abused by bad actors.” However, the planned move has angered many users, who fear wider repercussions.

At least one user called the decision “vile” and “disgusting.”

“Disabling 2FA for text messages does not automatically disassociate your phone number from your Twitter account,” the company said, though some say it puts user security at risk.

Another user speculated that Twitter’s latest move “could lead to a class action lawsuit if people were hacked and damaged.”

Evan Greer, director of non-profit digital rights advocacy group Fight for the Future, condemned the move on Twitter.

In an email to NPR, she called the decision one of Musk’s “chaotic moves.” She has been critical of Twitter’s recent actions after Musk acquired the company.

“Twitter users should never have been put in this situation. It should never be done because it could mean the difference for an authoritarian government to gain access to an account…in such a reckless and poorly thought out way,” Greer told NPR in an email.

Potential Impact for Users Outside the United States

The impact also appears to be wider for accounts in other parts of the world.

Irish reporter Gavan Reilly tweeted that he “literally has no choice but to maintain our current security options” as Twitter Blue is not even available in his country yet.

Twitter Blue is only available in the United States, Canada, Australia, New Zealand, Japan, United Kingdom, Saudi Arabia, France, Germany, Italy, Portugal, Spain, India, Indonesia, and Brazil. The company says it plans to expand it.

Greer said restricting how users can protect their accounts “is also a gift to authoritarian governments.”

“Sure, it’s good to tell people to use authenticator apps, but what if the government blocks that authenticator app, criminalizes its use, or bans it from the app stores?” she pointed out.

Also, apps like Duo don’t work in certain countries if the user’s IP address originates from a region sanctioned by the United States, such as Cuba, Iran, Syria, or regions of Ukraine controlled by the Russian military.

The Twitter logo adorns the awning of the building that houses Twitter's offices in New York on October 26, 2022.

Mary Altaffer/AP

Users need to find an alternative to SMS authentication

Two-factor authentication is “one of the most basic forms of security that many people use and have access to,” says Greer.

Text message authentication is considered “better than nothing,” but it’s actually one of the least secure measures to use, she said. That’s because “a relatively simple attack called ‘SIM swap’ is becoming increasingly common.”

This is “when an attacker calls your mobile operator pretending to be you, convinces them to transfer your phone number to a new device, and then sends themselves a two-factor authentication code,” she said.

Digital security experts generally recommend switching to authenticator apps instead of relying solely on phone numbers, Greer added.

“For readers who want to protect themselves: Even if you have Twitter Blue, you should stop using SMS for two-factor authentication and start using authenticator apps,” she said. “There are many popular ones, and some password managers include them.”

Still, Greer said making 2FA a “luxury feature” for certain subscribers is ridiculous and potentially dangerous.

Greer’s concern is for users who are not tech-savvy.

“We know that most users will simply leave it at the default or not take action if they are confused or unsure,” she said. “It could mean millions of vulnerable Twitter users are suddenly kicked out of two-factor authentication and never set it up again.”

