What to know about Twitter's 2FA changes

• These login codes are an added form of security to verify that the person who is logging in to the account is the actual owner.
• However, while texts will end, the company will allow nonsubscribers to set up multifactor authentication (MFA) for their accounts through app services, including those from Google and Microsoft.
• Nonsubscribers should "consider using an authentication app or security key method instead," the company wrote in a blog post last week.

Why it matters: Receiving a login code via text is the most popular form of two-factor authentication among the small number of Twitter users who enroll in the service.

• According to data from July through December 2021, the latest numbers available, 2.6% of Twitter users have MFA enabled. Among those, nearly 75% use text-based MFA.
• And it's unlikely those Twitter users will all move to a different authentication service, like Google Authenticator.

Yes, but: Malicious hackers have increasingly targeted people via text-based MFA requests, leading to several high-profile data breaches in the last year.

The big picture: Even with text-based login codes enabled, Twitter has still had its fair share of account takeovers and breaches.

• In 2020, hackers took over several high-profile Twitter users' accounts — including now-owner Elon Musk's — after nabbing several employees' internal accounts.
• Earlier this month, the U.S.'s top cyber diplomat said his personal Twitter account had been hacked.

Between the lines: Twitter is framing the choice as a move to better secure users' accounts from malicious hackers.

• However, Musk said the change was also because "Twitter is getting scammed by phone companies for $60M/year of fake 2FA SMS messages."

Sign up for Axios’ cybersecurity newsletter Codebook here.