Twitter users have started receiving a very official alert. This message informs them that SMS authentication is going to be disabled for free accounts and that if they do not act by March 19, they risk losing their access. Explanations.
The rule change imposed by Twitter, published on the company blog on February 15, concerns what is called “two-factor authentication”. It is an optional security, very widespread on the web and apps, in addition to the basic password linked to the account and which, in our case, until now, was based on the sending of a random code by SMS. We copied this code in the Twitter app, and we were authenticated.
This was the principle, until Elon Musk accused certain telecom operators of overcharging these SMS: “Twitter gets scammed by phone carriers out of $60 million a year, with fake SMS authentication messages”, tweeted the owner of the social network. Hence its decision to reserve, from March 20, this SMS authentication for paid Twitter accounts, the famous Twitter Blue, billed at least €8.40 including tax, per month, in France.
Twitter is getting scammed by phone companies for $60M/year of fake 2FA SMS messages
— Elon Musk (@elonmusk) February 18, 2023
Consequence: in one month, your free account will no longer benefit from this double authentication. It will therefore be hackable much more easily, and at the mercy of any hacker in possession of your basic password. It is on this risk, and this fear, that Elon Musk bets to win paying subscribers.
However, there are other solutions than drawing your credit card. The most practical is based on authentication, via an application that will replace the SMS that you may have been using until now. Regardless of your smartphone – Android or iPhone – you can download a so-called “2FA” authentication application (two-factor authentication) for free, such as Google Authenticator, Microsoft Authenticator or Authy, the excellent equivalent application from Twilio.
Now, if you’re on iPhone, it’s even simpler, since this authentication function with on-the-fly digit code generation, is integrated into the system : no need to download any app. The camera is all you will need.
Aim for the QR code with your smartphone
On smartphone, Twitter will offer you, to activate this authentication via an application, to follow a link. Link that is not always valid. The testimonials of users who have not succeeded in completing the configuration are multiplying. I therefore recommend the QR code method, even if it involves finding a computer: indeed, you will have to take a picture of this QR code, with your smartphone.
You therefore need a PC or Mac to go to Twitter settings, and more specifically to the “Security” section and then to “Two-factor authentication”. Start by unchecking the box in front of “SMS”, since you will soon no longer have access to it. Instead, check the box in front of “Authentication application”, and validate.
The famous QR code arises. Aim it from the “Camera” app on your iPhone, or via your authentication app on Android. On iPhone, click on the link on a yellow background which appears superimposed on the image of the QR code, and which invites you to “Add a validation code in Passwords”. If you manage multiple Twitter accounts, choose the Twitter account in the next screen. Your new two-factor authentication setup is complete.
One code, every 18 to 30 seconds
Your smartphone will now generate a new 6-digit code every 18 to 30 seconds; code that will be accepted by Twitter instead of the old code that you received by SMS. In the end, for you, Twitter remains free, and it’s even simpler, but at the cost of these few manipulations which – for sure – will deter some.
Of the 351 million free accounts – about 2 million Twitter Blue accounts – not all had enabled two-factor authentication via SMS. But it was, until now, the most mainstream option. How many users will take this step and update their double authentication? It seems obvious that only a part will remain protected beyond March 19.
