Twitter wants to save money on sending texts for 2-factor authentication. Even if a lot of people won't switch to an app authenticator (which is the better but more complicated option, which leads to lower adoption) and will therefore be way less secure.

The company framing this as a way to block "bad actors" is misguided. Many more accounts will be easier, not harder, to hack. If this was really about SMS insecurity, why allow Twitter Blue accounts to keep using it?

blog.twitter.com/en_us/topics/

@drewharwell 2FA over SMS is already insecure. SMS is in the clear and is subject to MITM attacks. It's the *worst* 2FA. I hate that every bank uses it *and nothing better*. Use an authenticator app or a YubiKey. Security is important.
