I’ve had a twitter account since October 2006. In that time they’ve been pretty diligent about security.
Not anymore.
Today’s email, subject line is: “Twitter two-factor authentication is now off”
You’ve turned off two-factor authentication for @artlung
This means you’ll no longer have this added protection when you log in to Twitter. Your account will be more vulnerable to compromise. You can turn on two-factor authentication any time in the Account > Security section of your Twitter settings.
[ Go to settings ]
I didn’t turn off the authentication, this is Twitter “saving money.”
In the same way they don’t pay their landlord.
In the same way they don’t pay severance due to people fired.
The world’s richest man, it turns out, is a dirty cheapskate.
Here’s an email from Twitter from August 2020:
You’ve turned on two-factor authentication for @artlung
This means you’ll need to use a second authentication method in addition to your password when you log in to Twitter. You can turn off two-factor authentication any time in the Account > Security section of your Twitter settings.
Make sure to save a single-use backup code in a safe place. This lets you log in to Twitter if you lose your mobile phone or don’t have access to any of your other two-factor authentication methods.
[ Save a backup code ]
Previously: Twitter went private, then it got weird.
On the referred to “Learn more” page it says:
Notice:
Effective 20 March 2023, we will no longer support two-factor authentication using text messages for non-Twitter Blue subscribers. At that time, if you have text message 2FA still enabled, you will be prompted to disable it before you can continue to use your account. Please note the availability of text message 2FA for Twitter Blue may vary by country and carrier.
And that page refers to a blog post: An update on two-factor authentication using SMS on Twitter from February 15, 2023:
We continue to be committed to keeping people safe and secure on Twitter, and a primary security tool we offer to keep your account secure is two-factor authentication (2FA). Instead of only entering a password to log in, 2FA requires you to also enter a code or use a security key. This additional step helps make sure that you, and only you, can access your account. To date, we have offered three methods of 2FA: text message, authentication app, and security key.
While historically a popular form of 2FA, unfortunately we have seen phone-number based 2FA be used – and abused – by bad actors. So starting today, we will no longer allow accounts to enroll in the text message/SMS method of 2FA unless they are Twitter Blue subscribers. The availability of text message 2FA for Twitter Blue may vary by country and carrier.
Non-Twitter Blue subscribers that are already enrolled will have 30 days to disable this method and enroll in another. After 20 March 2023, we will no longer permit non-Twitter Blue subscribers to use text messages as a 2FA method. At that time, accounts with text message 2FA still enabled will have it disabled. Disabling text message 2FA does not automatically disassociate your phone number from your Twitter account. If you would like to do so, instructions to update your account phone number are available on our Help Center.
We encourage non-Twitter Blue subscribers to consider using an authentication app or security key method instead. These methods require you to have physical possession of the authentication method and are a great way to ensure your account is secure.
Learn more about two-factor authentication on Twitter on our Help Center.
UPDATE: today in the iOS app, pitching me to pay money for Twitter: