Twitter users who secure their accounts via text message will lose the extra layer of security after March 20 unless they change their two-factor authentication method or pay for the platform’s subscription service.
Two-factor authentication allows people to protect their accounts even if someone steals their password. Twitter users who have this security process enabled are able to log into their account after entering their password and a code they receive via text message or an authenticator app. They can also use a security key.
The company said in a blog post it no longer allows “accounts to be enrolled in the text/SMS message mode of 2FA unless they are Twitter Blue subscribers.”
“To be clear, two-factor authentication is still not required to log in to Twitter, although we strongly encourage users to enable it. This change only restricts the 2FA methods available for accounts that are not is subscribed to Twitter Blue,” Twitter Support tweeted on Friday. Twitter Blue, the platform’s subscription service, costs $8 per month if you sign up via the web or $11 per month on your mobile device.
Twitter users can change their two-factor authentication app through account settings. When users click “security access and accounts,” three different options are listed in a section for two-factor authentication.
The Twitter announcement came hours after Platformer Zoë Schiffer tweeted that the social network planned to make this change. It’s another example of how Twitter is trying to attract more users to subscribe to Twitter Blue as advertisers pull back on spending after billionaire Elon Musk took over the company for $44 billion last year. The information reported earlier this month that Twitter has about 180,000 subscribers in the US so the service does not seem to be very popular among the users of the platform. The company has tried to get more people to subscribe by offering a popular blue checkmark, longer tweets and other features.
The change also comes because Twitter is facing more scrutiny and whistleblower complaints about how the company is not doing enough to protect user security. Last year, Twitter users complained that two-factor authentication wasn’t working properly and the company said it was looking into cases where SMS codes weren’t being delivered.
Using text messaging for two-factor authentication, Twitter said in a blog post, is “used — and abused — by bad actors.” Hackers have tried to gain access to codes sent via text message by transferring a person’s phone number to another device, a practice known as SIM swapping.
Twitter users who disable text message 2FA will not automatically disconnect their phone number from their account but can update their number in the account settingssaid the company.