Twitter users who rely on text message (SMS) for two-factor authentication will soon lose the extra layer of security unless they switch to another method or subscribe to the platform’s Twitter Blue service. The change will come into effect on March 20th, 2023.

Two-factor authentication provides an additional layer of security that protects accounts even if passwords have been stolen.

Twitter users who enable two-factor authentication can log into their accounts after entering their passwords and a code that they receive through text message, an authenticator app, or a security key.

In a blog post, Twitter announced that it will no longer allow accounts to enroll in the text message/SMS method of two-factor authentication unless they are Twitter Blue subscribers.

Twitter Blue is the platform’s subscription service that costs $8 per month through the web and $11 per month on mobile devices.

Users can change their two-factor authentication method through their account settings. The security and account access section has three different options listed for two-factor authentication.

Twitter’s decision to limit SMS two-factor authentication comes as the company seeks to attract more subscribers to Twitter Blue, following advertiser pullback spending.

The information reported that Twitter has approximately 180,000 subscribers in the US, indicating that the service is not popular among the platform’s users. Twitter has attempted to encourage more subscriptions by offering longer tweets, coveted blue checkmarks, and other features.

This change also comes as Twitter faces scrutiny and whistleblower complaints about how the company is not doing enough to safeguard user security.

Last year, users complained that two-factor authentication was not working correctly, and Twitter responded by investigating instances where SMS codes were not being delivered.

Using SMS for two-factor authentication has been “used - and abused - by bad actors,” according to a Twitter blog post. Hackers have attempted to access codes sent through text message by transferring a person’s phone number to another device, a practice known as SIM swapping.

Twitter users who disable text message 2FA will not automatically have their phone number disassociated from their accounts, but they can update their number in the account settings.