Twitter this week announced updates to its user account security policies, with all free users no longer able to use phone text messages as 2FA verification codes. To continue using text message verification, users must subscribe to the Twitter Blue subscription service.
Changes to Twitter’s policies are now so frequent that it’s no longer worth explaining why they are being made, as most changes are directly requested by CEO Elon Musk and employees are simply responsible for carrying them out, without knowing the reasons behind them.
Therefore, Musk tweeted that Twitter is defrauded of $60 million annually by SMS service providers, as most 2FA SMS messages are fake.
This statement should refer to the fact that there are many bot accounts on Twitter, causing waste of funds. Of course, it may also be that Musk is saying that SMS service providers intentionally send messages to some false numbers to waste Twitter’s funds.
It is worth noting that if users do not actively bind 2FA verification programs, they may not be able to verify and log in to their accounts in the future. Existing bound phone numbers will not be automatically removed, but cannot be used as verification tools.
From a security perspective, text message verification is very unreliable, and using 2FA verification programs such as Google Authenticator and Microsoft Authenticator is actually more secure.
Musk also mentioned this in subsequent tweets, so users are recommended to switch to 2FA verification programs in a timely manner.