How to Secure Your Twitter Account Without a Blue Subscription

When Twitter announced on Feb. 17 that it will start charging people to use text-based account verification, a basic technique that all kinds of sites rely on to protect their users, the cybersecurity community reacted with a collective groan

With this type of two-factor authentication, users enter their username and password into Twitter and then receive a message to their phone with a unique code that they type in for access to the site. It’s not a perfect security mechanism, but it’s a convenient and mostly effective way of keeping hackers out of accounts. After all, a wannabe intruder who only has your email address and password likely wouldn’t be able to get to your profile without that code. 

While many websites still offer text-based 2FA for free, that’s slated to change at Twitter after the company announced that only subscribers to the new Blue service will be eligible. Simply put, Elon Musk’s service will start charging $11 a month for a service that used to cost nothing. And, surprisingly, people who don’t subscribe to Blue but try keeping their text-based two-factor authentication will lose access to their entire account, effective March 20. 

It’s a significant change. Two-factor authentication is a broad term that refers to any secondary form of verification (such as phone calls or emails) on top of a username and password. Text messages are the most popular technique: Twitter’s 2021 transparency report said that 74% of the people who used two-factor authentication relied on text-based verification. 

It’s still possible, though, for people to maintain security without giving money to a billionaire who slashed Twitter’s content moderation teamboosted anti-LGBTQ conspiracy theories and became the first person to ever lose $200 billion and then get most of it back. 

The easiest method is to add an authenticator app to your existing Twitter account. 

Google’s Authenticator service, Twilio’s Microsoft’s Authenticator all offer apps that generate the same kind of verification for which Twitter is starting to charge. You’d log in to Twitter much in the same way you probably do now, except that you’d need to type in a special access code from the authenticator app first.

Set yourself up by downloading a trustworthy service – Apple also has a free built-in generator for iPhone users – then visiting Twitter’s “Settings” page, clicking “Security,” then “Two-factor authentication.” Uncheck the “text message” box and sign up for the “Authentication app” option.

Security keys can also help. These are physical tokens offered by Google, Apple, Yubico and others that users plug into their phone and computer to verify their identity by checking information stored on a chip against data in online servers. Physical security keys can be costly and will never be as convenient as text-based authentication. 

Then again, the alternative is to pay for a similar service on Twitter. 

What We Learned This Week

In October 2019, the inspector general's office at the US National Security Agency got a tip that someone was misusing agency funds.

Such an allegation could mean serious business, especially at a spy agency charged with disrupting foreign hacking groups, protecting American networks and collecting secrets from adversaries. The government launched an investigation, interviewed witnesses and two years later rendered its judgment. 

Someone on the payroll had misspent hundreds of dollars at Chick-fil-A and Sbarro.

Details of the investigation were laid bare in dozens of internal emails and in a 14-page report prepared by the Inspector General of the Intelligence Community, which is sometimes called upon by other intelligence agencies to probe waste, fraud and abuse. The documents were unearthed via a Freedom of Information Act request by my colleague Jason Leopold

Previous FOIA requests to the NSA have uncovered more serious matters. An unrelated investigation last year, for instance, examined whether an experienced NSA analyst developed a surveillance project that collected American’s private information. 

This time, a government watchdog spent months getting to the bottom of a caper involving fried chicken sandwiches and pizza. 

Working as a recruiter, the person, whose name was redacted from the filings, used a government credit card for a $355.10 deal at Chick-fil-A that included 60 sandwiches (without hot sauce), two gallons of lemonade and two gallons of sweet tea.

They also spent $127.18 at Sbarro, purchasing eight pizzas, including one Hawaiian style, and five liters of Coca-Cola, ginger ale and lemonade. 

All that food was intended for recruiting events, where the NSA appeared in order to explain the agency’s mission and attract potential applicants.

The watchdog concluded the purchases violated a government rule that says taxpayer dollars can’t be used to purchase food. Investigators also said the transactions were itemized as “presentation expenses.” We don’t know what happened to the person who bought the fast-food bounty. 

At least they got Chick-fil-A sauce for the sandwiches. 

What We’re Reading

Fear made John McAfee rich, but it also ruined him. The antivirus pioneer and accused murderer is the subject of the new podcast series of Foundering, hosted by my colleague Jamie Tarabay. The first episode debuted last week, and the story gets crazier with every new release. Look out for Foundering on your podcast app every Thursday. 

Vast counterintelligence effortscomplicated the Kremlin’s efforts to conduct influence operations, keep in touch with informants and gather information about Western efforts to help Ukraine. 

Norwegian cops seized$5.9 million in cryptocurrency that was connected to the Axie Infinity heist last year.

Book recommendation: I’m moving through Thinking, Fast and Slowby Daniel Kahneman. The book is essentially a 400-page answer to “Why do we do what we do?” It explains the human decision-making process, with insights about topics ranging from the formation of bias, balancing rational thought with emotional impulse and the effects of overconfidence. Don’t miss this Bloomberg interview with the author. 

GoDaddy said an organized groupconducted a multiyear crime spree targeting its services. 

Russian hackers have inundated Ukraine with a “near-constant digital attack” since the invasion last year, Google said. 

US agencies are forming a “strike force” to combat the theft of advanced technology and stifle financially-motivated hacking.

A new homeowner figured out that the last seller still controlled smart locks throughout the property, the latest proof that that Disney channel classic Smart House predicted the future

Spain agreed to extradite alleged Twitter hacker charged in connection with a 2020 incident when crypto scammers hijacked the accounts of influential users. 

The FBI said it’s “contained”cyber incident on the bureau’s network

The Tor Project is moving its infrastructure after learning that one of its hardware providers sold internet monitoring capabilities

Gone Phishing

Why not three, slacker? 

Got a News Tip?

You can reach Jeff Stone at [email protected]. Margi Murphy is [email protected]+1 (415) 254 3919. You can also send us files safely and anonymously using our SecureDrop

More from Bloomberg

Listen: Foundering: The John McAfee Story is a new six-part podcast series retracing the life, the myths and the self-destruction of a Silicon Valley icon. Subscribe for free on or wherever you get your podcasts.

Get Tech Daily and more Bloomberg Tech weeklies in your inbox:

• for a playthrough of the video game business
• Power On for Apple scoops, consumer tech news and more
• Screentime for a front-row seat to the collision of Hollywood and Silicon Valley
• Soundbite for reporting on podcasting, the music industry and audio trends