Twitter to charge for SMS two-factor authentication

Twitter Blue subscribers will be the platform’s only users able to use text messages as a two-factor authentication method, Twitter announced Friday.

The change will take place on March 20. Twitter users will have two other ways to authenticate their Twitter log-ins at no cost: an authentication mobile app and a security key.

Two factor authentication, or 2FA, requires users to type in their password and then enter a code or security key to access their accounts. It is one of the primary methods for users to keep their Twitter account secure.

“While historically a popular form of 2FA, unfortunately we have seen phone-number based 2FA be used – and abused – by bad actors,” the company said in a blog post Friday. “So starting today, we will no longer allow accounts to enroll in the text message/SMS method of 2FA unless they are Twitter Blue subscribers.”

Twitter Blue, which costs $11 a month for iOS and Android subscribers, adds a blue checkmark to the account of anyone willing to pay for one.

As of 2021, only 2.6% of Twitter users had a 2FA method enabled – and of those, 74.4% used SMS authentication, a Twitter account security report said.

Twitter said non-subscribers will have 30 days to disable the text method and enroll in another way to sign in using 2FA. Disabling text message 2FA won’t automatically disassociate the user’s phone number from their account, Twitter said.

Musk responded “Yup” to a tweet claiming a telecommunications company used bot accounts “to Pump 2FA SMS” and that Twitter was losing $60 million a year “on scam SMS.”