Twitter users will soon have to use an authenticator app or a security key to be able to use two-factor authentication if they’re not a Blue subscriber. The website has made text-based 2FA an exclusive feature for members paying for its subscription service. Non-Twitter Blue members can no longer activate it if they haven’t yet, but those who’ve already been using it will have until March 20th to disable the method and enable another type of authentication. Twitter will simply disable their 2FA if they fail to switch before that date.
In its announcement, Twitter said it has come to the decision after seeing “phone-number based 2FA be used — and abused — by bad actors.” Some critics doubt Twitter’s explanation, however, and speculate that the company’s real intention is to add SMS 2FA as one of the features it offers with its subscription service. For reference, a Blue subscription costs between $8 and $11 a month or $84 a year and adds a checkmark next to the user’s name.
Whatever Twitter’s real intentions are, most users who have two-factor enabled on the website may now have to change their log-in habits. According to the company’s transparency report from 2021, 74.4 percent of users who have 2FA enabled use the SMS method. A mere 28.9 percent use authenticators, and a tiny fraction (0.5 percent) have security keys. Further, only 2.6 percent of all Twitter users enabled two-factor authentication, though the numbers may have changed since then.
“We encourage non-Twitter Blue subscribers to consider using an authentication app or security key method instead,” the company said. “These methods require you to have physical possession of the authentication method and are a great way to ensure your account is secure.”