Multi-factor authentication (MFA) is now a common way of adding security when accessing online accounts. It requires users to provide multiple forms of identification to prove their identity in order to access an account or system. The forms of identification are commonly something a person has, such as a passcode, or something a person knows, which might be an answer to a security question.

On 17 February, Twitter gave notice to customers that one of its verification methods, SMS-delivered verification, would be disabled. With this method, a passcode is sent to a mobile phone by text message as an extra security step. To keep using this form of MFA, customers would need to subscribe to the paid Twitter Blue service.

For non-Blue Twitter users, the weakening of account security with the loss of this verification method has led to some confusion about Twitter’s decision, with some users mistakenly believing that Twitter has dropped MFA altogether. This has prompted concern that many Twitter users may not switch to an alternative type of MFA despite the risks of not doing so. 

The good news

Twitter still supports MFA and currently offers two alternative methods of verification: use of an authenticator app or authentication by way of a physical security key. Twitter users are recommended to switch to one of these methods before the 20th March, and guidance can be found on Twitter’s website.

For further reading about multi-factor authentication (MFA), visit our advice and guidance article.