Twitter is doing away with two-factor authentication (2FA) via text messages for non-subscribers.
Users can increase the security of their online accounts beyond passwords by using 2FA, which verifies the identity of the person logging in.
Common techniques include receiving a code via text message or using an authenticator app.
But on Saturday, the Twitter Support account tweeted that starting on March 20, text-message authentication would only be available to Twitter Blue subscribers.
An in-app alert sent to some text-message 2FA users said that removing the method before the deadline would prevent them from losing access to their accounts.
Elon Musk, the owner and CEO of Twitter, tweeted that the authenticator app was safer and would continue to be free.
He claimed that Twitter had been "scammed" by phone companies and was shelling out more than $60 million (£49 million) annually for "fake 2FA SMS messages."
"Bad actors" had abused the technique, Twitter blogged.
"We recommend using an authentication app or security-key method instead for non-Twitter Blue subscribers," it said.
"These techniques make sure your account is secure and call for you to physically possess the authentication method."
Although only 2.6 percent of active Twitter accounts had 2FA turned on between July 2021 and December 2021, security expert Rachel Tobac stated in a tweet that the move was "nerve-wracking."
- The text-message approach was being used by 74%.
- 28.9% of people used an authentication app.
According to Ms. Tobac's tweet, "All of us in security want people to use a great form of [multi-factor authentication] to protect their account, but automatically unenrolling users who have already signed up for SMS 2FA because they didn't pay just exposes them to risk."
SMS 2FA may be less secure than authenticator apps, according to experts.
But Prof. Alan Woodward of the University of Surrey said that it continued to be well-liked because it was simple to use.
He told BBC News, "I'd rather people used something rather than nothing, which may very well be what the less tech savvy are tempted to do.
"I understand Elon Musk's desire to reduce costs for the company, but I think it is a terrible case of false economy to choose to effectively discourage 2FA for many users."