Twitter has decided to remove the text message option for two-factor authentication for non-paying users, who will have to use an authentication app or a security key (like YubiKey by Yubico). The big difference to Twitter is that it costs money to send SMS, while the use of apps or keys are free to Twitter. Twitter says that it has been paying $60 million per year for bot/fake/fraudulent usage of SMS two-factor authentication. (Paying users will still be able to use SMS, likely due to lower fraud rate and for Twitter to offer convenience).

Lowering costs is very urgent for a company that is the object of a highly leveraged buyout and seems to have lost a large chunk of sales in the first quarter as a private company. But it is never good management practice to spend about 1 % of revenue on fraudulent SMS fees to begin with.

I expect most public technology companies, especially as they are laying off staff, to be looking to lower non-staff costs like SMS costs. It has a quick impact on profitability and saving, say, $60 million should increase Twitter’s (or a public technology company’s) valuation with about $ 1 billion. And with a billion here, and a billion there, soon you are talking about real money.