February 21, 2023

Twitter is restricting access to its text-based two-factor authentication (2FA), requiring users to have a Blue subscription to secure their account.

The company offers free two-factor authentication via third-party apps and a security key, which is considered more secure than SMS-based systems. If non-subscriber accounts that use SMS authentication do not switch by the deadline, Twitter has stated that two-factor authentication will be disabled for that account.

The change will go into effect on March 20. Twitter users will have two additional free options for authenticating their Twitter logins: an authentication mobile app and a security key.

“Non-Twitter Blue subscribers that are already enrolled will have 30 days to disable this method and enroll in another. After 20 March 2023, we will no longer permit non-Twitter Blue subscribers to use text messages as a 2FA method. At that time, accounts with text message 2FA still enabled will have it disabled. Disabling text message 2FA does not automatically disassociate your phone number from your Twitter account. If you would like to do so, instructions to update your account phone number are available on our Help Center,” said Twitter on its blog.

Twitter admits in the blog that while SMS is a popular form of 2FA, it can be easily abused. As a result, the platform is tying the ability to use its worst form of authentication to a $8 subscription (or $11 if you use an iOS device). Non-Twitter Blue subscribers are advised to “consider using an authentication app or security key method instead.” So it’s either that or wait until March 20 when Twitter turns it off for you.

The sources for this piece include an article in CNN.