Two-factor authentication by text message will no longer be available for all users on Twitter. Users have begun receiving notifications telling them to remove the security feature or “risk losing access to Twitter.”
In a statement posted to its blog on Wednesday, Twitter made the official announcement that it will begin only allowing paid Twitter users to use SMS authentication for their accounts. “We have seen phone-number based 2FA be used - and abused - by bad actors,” the statement reads, using an acronym for two-factor authentication. “So starting today, we will no longer allow accounts to enroll in the text message/SMS method of 2FA unless they are Twitter Blue subscribers.”
Two-factor authentication requires users to enter a single-use code (often sent via SMS) in addition to their account password. This basic measure has been a helpful tool for many people to avoid hacking, doxxing, and identity theft. Twitter noted that other two-factor verification measures, like authenticator apps and security keys, would remain available.
Elon Musk, the CEO of Twitter, said in a tweet that the company has been “getting scammed by phone companies for $60M/year of fake 2FA SMS messages.” BuzzFeed News reached out to Twitter for any additional comment on the change, but did not immediately hear back.
Twitter Blue, a premium Twitter subscription which allows any user to buy a verification badge, costs $8 per month. Non-Twitter Blue users have 30 days to disable the security feature and enroll in the other two options provided: a physical security key or an authentication app. Any account that still has text authentication will have the feature automatically disabled by March 20.
“I had a stalker for years who would spend hours trying to hack my accounts,” culture writer Ella Dawson said. “I would get dozens of 2factor texts in a row. It was horrifying, but also a great lesson in how vital these security features are. Elon Musk is now charging for a basic necessity.”
On Friday, many began sharing screenshots of an in-app notification reminding users to disable the security feature or “risk losing access to Twitter.” Users outside the US have pointed out that Twitter Blue is not even available in some countries, making them more vulnerable without the option for SMS two-factor authentication. Celebrities like Alyssa Milano and Fifth Harmony’s Lauren Jauregui expressed their outrage, pointing out the dangers for their accounts as public figures.
“When we have legitimate careers that depend on our verifications as people pretend to be me every single day on this site. I’ve had this verification for 11 years and 2 step verification is necessary,” Jauregui said.
Those who have tried to comply have reported issues with attempting to disable the option at all. #TwoFactorAuthentication and #TwitterDown began trending on the site on Saturday, as many people shared their failed attempts to follow through with the platform’s demand.
The change to two-factor authentication is the latest in a string of controversial decisions that Musk has made since taking over Twitter in October 2022. Musk previously drew backlash as Twitter effectively put verification badges, previously an unpaid distinction used to identify legitimate accounts of public figures like celebrities, journalists, and government officials, up for sale via the Twitter Blue subscription. Then, mass layoffs and reports of strenuous working conditions have drawn major backlash from users and public figures alike. Musk has defended the layoffs and changes to policy as necessary based on Twitter’s revenue.
Authentication apps like Duo and Google Authenticator are still available as options for your account security, but for some, this might be the final straw for their time on the app.