Elon Musk Just Killed Twitter’s SMS-Based 2FA… WHAT WAS HE THINKING??? [UPDATE: Working For Some Again]

I don’t get it. I’ll just put that out there right out of the gate. I say that because a reader pointed me towards this Tweet:

With Twitter SMS 2FA turned off, this service will not function. As in you will be locked out of your Twitter account and you will not be able to log back in if you log out. That’s because Musk clearly decided to kill whatever back end service or services send out the code to your phone via SMS.

Now if you use other forms of 2FA for Twitter, for example you use Microsoft Authenticator to generate a code to log into Twitter, you’re fine. But those who use strictly SMS for 2FA, and that would be a lot of people I suspect, could be in deep trouble unless they immediately do the following via Twitter’s web interface:

  • Go to Settings & Support > Settings and privacy, and then go to Security and account access.
  • Go to the Security section.
  • Under Two-factor authentication, click the two-factor authentication link.
  • Make sure the Text message toggle is OFF.
  • For your security, use one of the other methods which are Authentication App or a Security Key. Or if you feel lucky, don’t use another method of 2FA.

More instructions can be found here. Just ignore anything that refers to SMS or text messaging, seeing as it’s broken at the moment.

Now to be fair to Musk, as I have to look at this from both sides of the fence, SMS-based 2FA is weak and exploitable. Thus killing it is a good idea. But to do it with zero warning to users is just plain stupid. That of course assumes that he killed it based on this Tweet.

Now he might not have had a clue what this did, and now by turning off whatever back end service supports Twitter SMS 2FA, he’s screwed over a ton of Twitter users in the process.

But the other possibility is that Twitter 2FA is broken and there is nobody left who can fix it. Which effectively is the same thing as him turning it off, because he laid off half the staff, and those with the knowledge to fix stuff at Twitter are likely not returning his phone calls. Either way, Musk is proving that he’s way out of his league with Twitter. And Twitter users will suffer as a result.

Just another day in Musk-run Twitter I guess.

UPDATE: It looks like this service is slowly coming back up. Over the past hour, there have been reports on Twitter that users who were unable to use SMS 2FA can now use it again. But I am not sure that I would trust it as Musk may just break it again.

