From March 20, only Blue subscribers can use SMS-based two-factor authentication: Twitter

In an update to Twitter’s 2FA service, the Elon Musk-owned microblogging website has announced that after March 20, only Twitter Blue subscribers will be able to use the text message/SMS-based method of the 2FA facility.

Making the announcement on its official blog on Feb 15, Twitter attributed the move to ‘the misuse by bad actors’ of the phone number-based 2FA, one of the three methods of the authentication service, the other two being authentication app and security key.

What happens after March 20?

To continue using the text message/SMS facility, non-Blue subscribers have 30 days from the day of announcement to disable the method and enroll for either of the other two. After March 20, Twitter will not allow non-Blue users to use this method, and accounts still enrolled for the text-based 2FA will be disabled.

Also, disabling the text facility will not automatically disassociate a user’s phone number from her/her Twitter account. Additionally, the availability of the SMS facility for Blue users may vary by country and carrier, said the Musk-owned social network.