Twitter said on Friday it will allow only paid subscribers to use text messages as a two-factor authentication (2FA) method to secure their accounts.
After March 20, “only Twitter Blue subscribers will be able to use text messages as their two-factor authentication method,” the company tweeted.
Two-factor authentication, meant to make accounts more secure, requires an account holder to use a second authentication method in addition to a password. Twitter allows 2FA by text message, authentication app and a security key.
The company believes phone-number-based 2FA is being abused by “bad actors,” according to a Wednesday blog post that the company’s tweet linked to.
Twitter owner Elon Musk tweeted “Yup” in reply to a user tweet that the company was changing policy “because Telcos Used Bot Accounts to Pump 2FA SMS,” and that the company was losing $60 million a year “on scam SMS.”