Analysts Slam Twitter's Decision to Disable SMS-Based 2FA
Making the option available only to paid subscribers — while also claiming SMS authentication is broken — doesn't make sense, some say. Is it a cash grab?
SMS is used for login codes and alerts, but text messages can be intercepted, spoofed, or redirected through phone-account attacks.
Search across headline titles and summaries.
Background for this topic.
SMS (Short Message Service) is a standardized mobile-network service for sending short text messages between phone numbers. It is widely used for person-to-person communication, service notifications, and one-time authentication codes, but messages are generally not end-to-end encrypted and may be visible to mobile operators or infrastructure handling delivery.
Security concerns include smishing—phishing delivered by text—along with sender-ID spoofing, malicious links, and social engineering. Account recovery and SMS-based multi-factor authentication can also be undermined when an attacker takes control of a phone number through SIM swapping, abuses carrier processes, or exploits signaling-system weaknesses. Organizations should avoid treating SMS as a high-assurance authentication factor where stronger options are practical, restrict sensitive content in texts, monitor number-change and authentication events, and train users to verify unexpected messages through a trusted channel.
Making the option available only to paid subscribers — while also claiming SMS authentication is broken — doesn't make sense, some say. Is it a cash grab?
Activision has confirmed that it suffered a data breach in December 2022 after one of its employees fell victim to an SMS phishing attack, giving hackers access to its internal systems. [...]
Popular cryptocurrency exchange platform Coinbase disclosed that it experienced a cybersecurity attack that targeted its employees
Coinbase cryptocurrency exchange platform has disclosed that an unknown threat actor stole the login credentials of one of its employees in an attempt to gain remote access to the company's systems. [...]
Twitter has announced that it will no longer support SMS two-factor authentication unless you pay for a Twitter Blue subscription. However, there are more secure options for multi-factor authentication, which we describe below. [...]