Twitter said on Friday it will allow only paid subscribers to use text messages as a two-factor authentication (2FA) method to secure their accounts.
After March 20, “only Twitter Blue subscribers will be able to use text messages as their two-factor authentication method,” the company tweeted.
To be clear, two-factor authentication is still not required to log into Twitter, although we highly encourage users to enable it. This change just restricts the 2FA methods available for accounts not subscribed to Twitter Blue.
— Twitter Support (@TwitterSupport) February 18, 2023
Two-factor authentication, meant to make accounts more secure, requires an account holder to use a second authentication method in addition to a password. Twitter allows 2FA by text message, authentication app and a security key.
The company believes phone-number-based 2FA is being abused by “bad actors,” according to a Wednesday blog post that the company’s tweet linked to. “So starting today, we will no longer allow accounts to enrol in the text message/SMS method of 2FA unless they are Twitter Blue subscribers. The availability of text message 2FA for Twitter Blue may vary by country and carrier,” the company said in the post.
Users who have not subscribed to Twitter Blue but already have SMS based 2FA enabled will have 30 days to disable it and enrol in another method, according to Twitter
Twitter owner Elon Musk tweeted “Yup” in reply to a user tweet that the company was changing policy “because Telcos Used Bot Accounts to Pump 2FA SMS,” and that the company was losing $60 million (roughly Rs. 490 crore) a year “on scam SMS.”
The blue check mark, previously free for verified accounts of politicians, famous personalities, journalists and other public figures, is now open to anyone prepared to pay.
Last month, Twitter said it would price Twitter Blue subscription for Android at $11 (roughly Rs. 900) per month, the same as for iOS subscribers.
© Thomson Reuters 2023