Elon Musk Will Charge Users For SMS-Based Two-Factor Authentication As Phone Companies Are Scamming Twitter With Fake 2FA SMS. Are Facebook And Instagram Next?
Elon Musk, the owner of Twitter, stated that the social media site is being conned by phone companies out of $60 million per year through fake 2FA (two-factor authentication) SMS texts. His words follow Twitter's announcement that only Twitter Blue customers would be able to use SMS-based two-factor authentication (2FA). Other accounts will need to use an authentication app or security key for 2FA.
Twitter announced that starting on March 20, users who purchase a Twitter Blue membership will be able to secure their accounts using SMS-based two-factor authentication. Users must log in using a username, password, and an additional “factor,” like a number code, as part of two-factor authentication, or 2FA.
Security professionals have advised using a generator app to get these codes for years. Security experts are nonetheless baffled that non-paying users are losing the ability to get them via SMS text messages, because that is a well-liked alternative.
Elon Musk and Twitter have a convoluted relationship that mirrors human complexity. Although it has experienced much turbulence, it has seen its beautiful days and is still going strong. Due to the ongoing censorship on Twitter, there was relief when the billionaire announced his takeover of the platform.
It will become a “digital square of democracy,” Musk promised. Yet the picture was very different once the acquisition procedure was over. In his new position as CEO, Musk created turmoil rather than bringing about an orderly structure.
He has been managing this unending mess through a process of trial and error. Advertisers pulled their advertisements in response to Elon’s takeover, indicating that they did not think it was a good idea. This had an economic impact on the business. As a result, he began the company’s layoff process.
The next phase was to overhaul the interface and implement important policy modifications. Introducing an $8 monthly subscription was one of his first unsuccessful endeavors. But as part of his ongoing introduction of new policies, he has now added a new financial policy that charges for the login verification process.
Since Elon Musk acquired the company last year, Twitter has changed a number of divisive policies. The most recent concerns two-factor authentication. Twitter Blue, a subscription service that is the only way to add a blue verified checkmark to a Twitter account, costs $11 per month on Android and iOS; if you just need access to the website’s services, it’s less.
Once they are no longer enrolled in SMS-based two-factor authentication, users can choose to use an authenticator app or a physical security key.
In a study on account security from July 2022, Twitter stated that only 2.6% of its active users had any sort of two-factor authentication enabled. Almost 75% of those users were using the SMS version. Less than 1% had added a physical authentication key, while nearly 29% were using authenticator applications.
Because attackers can intercept the texts or take over targets’ phone numbers, SMS-based two-factor authentication is unsafe. Even so, security professionals have consistently underlined that employing SMS two-factor is much superior to not having a second authentication factor at all.
Tech behemoths like Apple and Google are increasingly removing the SMS two-factor option and converting customers to other authentication methods (usually over many months or years). Because users will have so little time to make a move and SMS two-factor will appear to be a premium feature, researchers are concerned that Twitter’s policy change could cause confusion among users.
Musk has long claimed to be at war with Twitter bots, but he has had difficulty distinguishing between benign and malevolent bots. Meanwhile, Twitter’s SMS two-factor system had interruptions and dependability issues in the middle of November amid upheaval within the company during Musk’s early days as CEO.
Is this just a way to reduce the operational cost of Twitter?
Twitter’s revenue is clearly declining. Due to the substantial funding he had to supply to execute the $44 billion deal, the new CEO is in debt. Moreover, all marketers removed their Twitter ads starting in October 2022.
The top 100 advertisers reportedly no longer use Twitter for advertising. Advertisers invested $750 million in advertising, but recent years have seen a decline in ad revenue.
Then, Elon Musk, the owner of Twitter, established a $7.99 monthly cost to eliminate any copycat accounts offering the subscriber-only service through Twitter Blue. He halted the procedure, nevertheless, because the experiment did not go well.
However, the Tesla owner revived the system in December 2022 in a fully redesigned fashion with new functions. Now that a two-factor authentication process has been moved to the messaging services, these subscribers will also benefit from specific security features in addition to special features.
This two-factor authentication program for messaging is important for preventing account hacking. How effective the system is at securing an account is unclear.
Nonetheless, it is obvious that the system was set up to save operating expenses, because message authentication is an expensive process. So, they are only giving this service to Twitter Blue users in order to recover those costs.
Twitter users are getting notifications to turn off their 2FA.
Twitter users who have SMS two-factor enabled started seeing a pop-up overlay box, advising them to turn off two-factor completely or switch to “the authentication app or security key methods.” The firm claims that its improvements to two-factor will go into effect in mid-March.
If consumers don’t turn off SMS two-factor by the new deadline, it’s unclear what will happen. According to an in-app notice, those who still have SMS two-factor enabled on March 20, when the change becomes official, are allegedly going to lose access to their accounts.
According to the notification, text-message two-factor authentication must be removed by March 19, 2023, in order to maintain access to Twitter. According to a blog post on Twitter, however, if users don’t make any changes before March 20, two-factor will only be removed.
The company stated that from 20 March 2023 it will no longer allow non-Twitter Blue customers to use text messages as a 2FA option. Accounts that still have text message 2FA enabled will have it turned off at that point.
Twitter did not respond to a question about what will happen to accounts that still have SMS two-factor enabled on March 20. The company declined to comment on whether the policy change may cause a sizable decline in the platform’s use of two-factor authentication.
According to Lorrie Cranor, head of Carnegie Mellon’s usable privacy and security lab, the Twitter blog is correct to note that text message-based two-factor authentication is routinely misused by criminals. Cranor agrees that it is less safe than other 2FA approaches. But wouldn’t they want to keep paid accounts secure if their goal was security? Allowing the less secure method only for paid accounts doesn’t make sense, according to Cranor.
Facebook and Instagram users might need to pay to get the Blue Tick soon, following in the footsteps of Twitter.
Meta generally follows its rival Twitter’s path, which can lead to a paid verification process for Facebook and Instagram users.
The CEO of Meta, Mark Zuckerberg, made an announcement about the matter on Facebook saying that the new initiative will start later this week in Australia and New Zealand.
According to the company, a monthly subscription will cost $11.9 on the web or $14.99 on iOS and Android (or $19.99 on the web or $24.99 on iOS and Android in Australia).
This paid verification will bring some more benefits along with the blue badge, like extra impersonation protection, better reach for verified accounts, and direct access to customer support, Zuckerberg said.
In a blog post, Meta stated that it will rely on official identification documents to establish the identity of verified accounts in order to prevent embarrassing situations like accounts impersonating persons and brands, which occurred when Twitter first introduced its premium verification service.
Users and accounts both require a posting history and a minimum age of 18. At this time, businesses won’t be allowed to use the service, according to Meta.
The improved exposure of postings from verified users would “depend on a subscriber’s existing audience size and the content of their posts,” the business stated. Those with smaller audiences may experience a greater influence.
According to the company, “unique stickers” would be available on Facebook, Instagram, and Facebook reel stories.
In November, Meta made 11,000 personnel reductions, or 13% of its workforce, as a result of declining ad revenues and the general economic crisis. Prior to recovery, the company’s share price dropped by more than 70% in 2022, and in July, it reported its first-ever sales decline.
Elon Musk, the CEO of Twitter, said in response to the news that Meta would “inevitably” follow Twitter.
Edited by Prakriti Arora