Twitter is making text-based two-factor authentication a paid feature

Twitter users will soon be required to use an authenticator app or a security key to use two-factor authentication if they’re not a Blue subscriber. The website has created text-based 2FA exclusive feature for members who pay for the subscription service. Non-Twitter Blue members can no longer activate it if they haven’t already, but those who have already used it have until March 20 to disable the method and enable a different type of authentication. Twitter will simply disable their 2FA if they don’t switch by that date.

In his announcement, Twitter said it came to the decision after seeing “phone number-based 2FA being used — and abused — by bad actors.” Some critics are to doubt Twitter’s explanation and speculation that the company’s real intention is to add SMS 2FA as one of the features it offers with its subscription service. Note: A Blue plan costs between $8 and $11 per month or $84 per year and adds a check mark next to the user’s name.

Whatever Twitter’s real intentions, most users who enabled two-factor on the website may now need to change their login habits. According to the company transparency report as of 2021, 74.4 percent of users who have 2FA enabled are using the SMS method. Only 28.9 percent use authenticators and a small fraction (0.5 percent) have security keys. Further, only 2.6 percent of all Twitter users have two-factor authentication enabled, though the numbers may have changed since then.

“We encourage non-Twitter Blue subscribers to use an authentication app or security key method instead,” the company said. “These methods require you to have physical possession of the authentication method and are a great way to make sure your account is secure.”