/cdn.vox-cdn.com/uploads/chorus_asset/file/23951430/acastro_STK050_04.jpg)
As part of this change, Twitter will also turn off 2FA for your account completely if you don’t switch away from SMS verification or pay for Blue before that deadline, leaving your account vulnerable to hacking. Fortunately, you can still enable 2FA for free using an authenticator app, like Google Authenticator or Authy. You can also use a security key, but this requires the purchase of an actual piece of hardware.
Twitter’s making SMS 2FA a paid feature because it’s the least secure form of authentication. This may seem counterintuitive, but it should at least steer non-subscribers away from the method, as it’s known to leave users susceptible to an attack known as SIM swapping.
This can occur when a bad actor uses social engineering or some other kind of tactic to convince your mobile carrier to reassign your phone number to their device. They can then intercept the text messages you receive, including those SMS 2FA codes, potentially allowing them to gain access to your accounts.
