Twitter users were greeted early Saturday with an ultimatum from the social media app: Subscribe to the platform’s new premium service or lose a popular account security feature. A pop-up message warned users they will lose the ability to secure access to their account via text message two-factor authentication unless they pay $8 a month to subscribe to Twitter Blue.
The message said that starting March 19, users who don’t subscribe will be locked out of their accounts until they remove the security feature. Here are some questions and answers about why Twitter made this change and alternative ways to secure your account:
What is two-factor authentication?
Two-factor authentication adds a second layer of security to password-protected accounts by having users enter an auto-generated code to log in. This extra step helps safeguard online accounts because in addition to the password, you need access to a separate app, device or phone number where you can receive the code.
Such codes can be generated by apps like Microsoft Authenticator or Google Authenticator. Or they can be sent to a user’s smartphone via text message. It’s the text message-based two-factor authorization that Twitter is now restricting only to subscribers of Twitter Blue.
Why is Twitter doing this?
In a blog post Wednesday, the San Francisco-based company acknowledged that the text message-based security method has been historically popular with its users, but said the feature is being “used – and abused – by bad actors.” The company did not respond early Saturday to an email seeking more details on how the security method was being abused.
Elon Musk, who completed his $44 billion takeover of Twitter in October, has been trying to find ways to maximize profits at the company. One of those is Twitter Blue, which among other features allows anyone to pay for verification previously reserved for celebrities, journalists and other well-known people.
In its blog, Twitter encouraged users who are not going to subscribe to Twitter Blue to consider using alternative account security options, specifically an authentication app or security key. These methods require you to have physical possession of the authentication method and are a good way to ensure your account is secure.
What are other options?
An authentication app or a security key will also add a layer of account security beyond just a password. A security key is a small, portable device that generates a set of random numbers that you enter when prompted when logging into an online account.
An authentication app uses the same approach, but instead of a separate physical device, the app is on your phone.
To set up an authentication app to secure your Twitter account, you will need to download one of a number of available applications to your device. They are free in the Apple or Android app stores. If you’d rather not use Google or Microsoft Authenticator, there are other options, including Authy, Duo Mobile and 1Password.
Once you have the app, open the desktop version of Twitter and click on the icon showing ellipses in a circle. There, you’ll find “Settings and privacy” then “Security and account access” and finally, “Security.” Here, you can select “Authentication app” and follow the instructions to set it up. Twitter will ask you to share your email address to do this, if you have not already.
Once you are all set, you can use the auto-generated numeric codes from your authentication app to add an extra layer of security when logging into Twitter.
Sign up for our weekly newsletter to get more English-language news coverage from EL PAÍS USA Edition