Monday, February 20, 2023

Don't Panic -- You Don't Have to Pay for Twitter Blue to Use Two-Factor Authentication

New policy at Twitter, and it's not Elon Musk money-grubbing. Or, rather, it's not Elon musk unreasonably money-grubbing.

After March 20, if you want to protect your Twitter account with two-factor authentication, you'll have to:

  1. Become a Twitter Blue subscriber; or
  2. Choose a method other than SMS text message for your second authentication factor (the first one is your username/password combo).
Why? Because, according to Musk, fake SMS messaging schemes are costing Twitter $60 million a year.

There are free alternatives -- here's a Wired review of "authenticator apps" -- and there are relatively inexpensive hardware keys like the one I just ordered (not an affiliate link). I had a YubiKey that I got as a subscription premium from Wired a few years ago, but it went missing.

I didn't order the new one for Twitter specifically, btw -- I just finally decided the YubiKey wasn't going to turn up and that I should get a new thing instead of having to click "choose alternate method/send me a text" on Facebook for the rest of my life. Now that I've ordered the new one, the old one will no doubt magically reappear. Welcome to my life.

If you log into various services via phone, an app might be the better choice, since most of the hardware keys seem to be USB-A. Since I use Twitter, Facebook, et al. almost exclusively from my desktop or, when traveling, a laptop, the hardware key makes sense.

This particular hardware key costs less than two months of Twitter Blue, and the devices can be used on many platforms. So "you can authenticate via text message" isn't really a Twitter Blue selling point for me.

No comments: