Edgar Cervantes / Android Authority
- Elon Musk disabled specific microservices at Twitter, which likely included Twitter SMS 2FA.
- If you used text messages to prove your identity when logging into Twitter, you wouldn’t be able to do that when you log back in, essentially locking you out of your account. However, it appears the issue is starting to get fixed.
- Other 2FA methods, such as using an authenticator app, still worked.
Update, November 14, 2022 (06:25 PM ET): It looks like this service is slowly coming back up. Over the past hour, there have been reports on Twitter that users who were unable to use SMS 2FA can now use it again. We also tested setting up SMS 2FA anew and it worked. However, there are still a ton of reports of people facing issues currently as well as others who hit a wall of how many SMS they could send (even though none were actually sent). This triggers a protocol that prevents you from requesting new SMS codes for 24 hours, essentially locking you out of your account for that time.
It is still advisable to change your 2FA method from SMS to something else, or at least add an additional 2FA layer.
Original article, November 14, 2022 (04:36 PM ET): It’s hard to believe it’s been less than three weeks since Elon Musk took over Twitter because so much has happened. Whether it’s because of check marks, gray checkmarks, advertisers exiting, or any of the other problems the site has been facing, the word “Twitter” hasn’t left the news cycle.
Well, today’s news might be the most bizarre yet. Musk tweeted out that he has shut down microservices at Twitter calling them “bloatware.” He claims that less than 20% are actually required for Twitter to work. However, Twitter SMS 2FA is apparently part of those microservices, which could be a big problem.
SMS two-factor authentication (2FA) is when a web app texts you a one-time passcode to prove your identity. Usually, you’ll supply your phone number during the registration process. When you go to log in, you’ll get a text to that number with a temporary six-digit code. By entering this code into the app, it gives an extra layer of security on top of the usual username and password combination.
With Musk shutting down microservices, it appears to have also turned Twitter SMS 2FA off. Under these circumstances, if you have SMS 2FA turned on and log out of your Twitter account, you will not be able to log back in. Technically, two-factor authentication isn’t broken, but you’ll never get the text message with your one-time code. The service that sends the message is off so it just doesn’t send.
To be clear, if you use other forms of 2FA for Twitter — including authentication generator apps — you will be fine. This only applies specifically to people who use SMS as their 2FA service.
Twitter SMS 2FA: Better turn it off
To prevent getting locked out of your Twitter account, be sure this service is turned off:
- Go to Settings & Support > Settings and privacy and then visit Security and account access.
- Hit the Security section.
- Under Two-factor authentication, hit the two-factor authentication link.
- Make sure the Text message toggle is OFF.
- For your security, use one of the other methods.