Twitter's deadline to move away from text-based 2FA is today
Twitter's deadline for free users to switch away from text-based two-factor authentication unless they pay for Twitter Blue has arrived. Here's how to adjust your account.
In February, Twitter declared it was making a major change to how it handles two-factor security for accounts. Unusually, it had decided to take away text-based two-factor authentication for all users, except those willing to pay for the Twitter Blue subscription.
Twitter gave users up until March 19 to move away from its SMS-based system in favor of others, including using an authenticator app. Now, users have a matter of hours to move off text-based two-factor authentication if it's enabled on their account, in favor of another system.
From March 20, non-Twitter Blue subscribers will find the text-based 2FA system for their accounts disabled automatically. Users will instead discover they are only protected by their password, unless they are proactive and make the change to a different system.
Twitter has been promoting the deadline to change with pop-up notices, inviting users to make the update.
According to Twitter, text-based 2FA could be "used - and abused - by bad actors." However, the move is confusing, as it is simultaneously claiming SMS 2FA is weak, while also allowing users willing to pay the Twitter Blue subscription to use the supposedly low-security authentication option.
The process of switching the form of 2FA is straightforward, especially if you're using an authenticator app such as Google Authenticator, if the notice is presented to you in a browser.
After clicking Get Started, users must enter their account password then click Confirm.
On the screen titled "Turn off two-factor authentication?" click Turn off.
You'll then be asked to choose your new verification method. If you have a security key, select that option and follow the instructions, otherwise select Authentication App then click Next followed by Get started.
A QR code will be shown on-screen, which can be scanned within the authentication app to add it to the app's roster. Click Next after completing that action.
To double-check, Twitter will ask you to enter the six-digit authentication code in the authenticator app. After that, you will be offered a single-use backup code, just in case the authenticator app fails.
If the notice isn't available, you can access options to change two-factor authentication within account settings, under Security and Account Access, followed by Two-factor authentication.