As part of this change, Twitter will also disable 2FA for your account entirely if you don’t change from SMS verification or pay for Blue by that deadline, leaving your account vulnerable to hacking. Fortunately, you can still enable 2FA for free using an authenticator app, like Google Authenticator or Authy. You can also use a security key, but this requires the purchase of an actual piece of hardware.
Twitter is making SMS 2FA a paid feature because it is the least secure form of authentication. This may seem counterintuitive, but it should at least steer non-subscribers away from the method, as it has been known to leave users susceptible to an attack known as SIM swapping.
This can happen when a criminal uses social engineering or some other tactic to convince your mobile operator to reassign your phone number to their device. They can then intercept the text messages you receive, including SMS 2FA codes, potentially allowing them to gain access to your accounts.