Twitter users who secure their accounts using text message will lose the extra layer of security after March 20 unless they change their two-factor authentication method or pay for the platform’s subscription service.
Two-factor authentication allows people to protect their accounts even if someone has stolen their password. Twitter users who have this security process enabled are able to log into their account after they enter their password and a code they receive through a text message or an authenticator app. They can also use a security key.
The company said in a blog post it is no longer allowing “accounts to enroll in the text message/SMS method of 2FA unless they are Twitter Blue subscribers.”
“To be clear, two-factor authentication is still not required to log into Twitter, although we highly encourage users to enable it. This change just restricts the 2FA methods available for accounts not subscribed to Twitter Blue,” Twitter Support tweeted on Friday. Twitter Blue, the platform’s subscription service, costs $8 per month if you subscribe through the web or $11 a month on your mobile device.
Twitter users can change their two-factor authentication app through the account’s settings. Once users click “security and account access,” there’s three different options listed in a section for two-factor authentication.
Twitter’s announcement came hours after Platformer’s Zoë Schiffer tweeted that the social network planned to make this change. It’s another example of how Twitter is trying to entice more users to subscribe to Twitter Blue as advertisers pull back spending after billionaire Elon Musk’s $44 billion takeover of the company last year. The Information reported earlier this month that Twitter has roughly 180,000 subscribers in the US so the service doesn’t appear to be popular among the platform’s users. The company has tried to get more people to subscribe by offering a coveted blue checkmark, longer tweets and other features.
The change also comes as Twitter users complained that two-factor authentication wasn’t working properly and the company said it was looking into instances where SMS codes weren’t being delivered.and whistleblower complaints about how the company isn’t doing enough to safeguard the security of users. Last year,
Using a text message for two-factor authentication, Twitter said in a blog post, has been “used – and abused – by bad actors.” Hackers have tried to access codes sent through text message by transferring a person’s phone number to another device in what is known as SIM swapping.
Twitter users who disable text message 2FA will not automatically have their phone number disassociated from their account but can update their number in the account’s settings, the company said.