Multi-factor authentication—also known as two-factor authentication (2FA)—offers an extra layer of security for your online accounts by requiring you to produce a password and then a one-time code delivered via text, an app, or security key. It's essential for any service that houses personal information, particularly one that can blast your thoughts to the world with a tap.

Twitter, however, is reducing the ways that its users can use the feature, unless they pay up.

Twitter CEO Elon Musk has deemed SMS-based 2FA the privilege of those with Twitter Blue, its $8-per-month subscription service, which offers the option to edit tweets, secure a blue checkmark, and now, use SMS-based 2FA.

The news, first reported by Platformer, means non-Blue members who use text messages for 2FA must switch to an authenticator app or security key in the next 30 days or have 2FA disabled completely. People are already seeing messages when logging in to the app that say: “To avoid losing access to Twitter, remove text-message two-factor authentication by March 19, 2023.” 

While SMS-based 2FA is the weakest form of the security measure, removing it as a free option sends a message about how Twitter values security and its users. It’s also poor PR for little return since Twitter’s Account Security report from December 2021 showed that less than 2% of users utilized SMS-based 2FA. 

If you’re among that number, there are still other ways to secure your account with 2FA.

On the web or mobile, go to Settings and Support > Settings and privacy > Security and account access > Security > Two-factor authentication and uncheck the box next to Text message. Two-factor authentication will be turned off for your account. (That is, if this feature is not broken for you, as it is for some.) If you try to add SMS as a 2FA option without subscribing to Blue, you'll now get a prompt telling you to choose an authenticator app or security key.

Download your authenticator app of choice, such as Google Authenticator. Then go to Twitter and click Settings and privacy > Security and account access > Security > Two-factor authentication and click Authentication app.

Enter your password and click Confirm. (If you haven’t confirmed your email with Twitter, you’ll be asked to do so and will get a confirmation code via email that you’ll be directed back to Twitter to enter.) On the next screen, you’ll get overview instructions; read them and click Get started. You'll have the option to Link app or Link on another device. If you choose the latter (like an iPad or Twitter on the web), you can scan the QR code on the next screen with your phone and the account will be added to your authenticator app. Enter the code from the app into your Twitter account and you're good to go.

You can also use a physical authentication key like a YubiKey. Make sure you have the latest version of a supported browser (Chrome, Edge, Firefox, Opera, or Safari).Then go to Twitter and click Settings and privacy > Security and account access > Security > Two-factor authentication and click Security key.

You’ll be prompted for your password. (If you haven’t confirmed your email with Twitter, you’ll be asked to do so and will get a confirmation code via email that you’ll enter on Twitter.) You’ll get overview instructions. Read them and then click Start.

Then either insert the key into the USB port of your computer or sync it with Bluetooth or NFC. Touch the button on the key and follow the onscreen instructions. The security key should then appear under Two-factor authentication > Manage security keys.

PCMag is obsessed with culture and tech, offering smart, spirited coverage of the products and innovations that shape our connected lives and the digital trends that keep us talking.