Twitter users who secure their accounts via text message will lose the extra layer of security after March 20 unless they change their two-factor authentication method or pay for the platform’s subscription service.
Two-factor authentication allows users to protect their accounts even if someone stole their password. Twitter users who have this security process enabled can log into their account after entering their password and a code received via text message or an authenticator app. You can also use a security key.
The company said in a blog entry It no longer allows “accounts to opt-in to the text messaging/SMS method of 2FA unless they are Twitter Blue subscribers”.
“To be clear, two-factor authentication is still not required to log into Twitter, although we strongly encourage users to turn it on. This change only restricts the 2FA methods available to accounts that are not subscribed to Twitter Blue,” Twitter support tweeted on Friday. Twitter Blue, the platform’s subscription service, costs $8 per month if you sign up over the web or $11 per month on your mobile device.
Twitter users can change their two-factor authentication app through the account settings. Once users click “Security and Account Access,” they’ll see three different options in a Two-Factor Authentication section.
Twitter’s announcement came hours after Platformer’s Zoë Schiffer tweeted that the social network planned to make this change. It’s another example of Twitter trying to get more users to subscribe to Twitter Blue while advertisers scale back spending after billionaire Elon Musk acquired the company for $44 billion last year. The Information reported earlier this month that Twitter has about 180,000 subscribers in the US, so the service doesn’t appear to be popular with users of the platform. The company has tried to get more people to subscribe by offering a coveted blue tick, longer tweets, and other features.
The change also comes as Twitter faces closer scrutiny and complaints from whistleblowers that the company isn’t doing enough to keep users safe. Last year, Twitter Users complained that two-factor authentication wasn’t working properly, and the company said it’s investigating cases of SMS codes not being delivered.
Using a text message for two-factor authentication, Twitter said in a blog post, was “used — and abused — by bad actors.” Hackers have attempted to access codes sent via SMS by transferring someone’s phone number to another device, known as SIM swapping.
Twitter users who disable SMS 2FA will not automatically disconnect their phone number from their account, but can update their number in Account Settingsthe company announced.