Twitter said on Friday it will allow only paid subscribers to use text messages as a two-factor authentication (2FA) method to secure their accounts.

After March 20, “only Twitter Blue subscribers will be able to use text messages as their two-factor authentication method,” the company tweeted.

Two-factor authentication, meant to make accounts more secure, requires an account holder to use a second authentication method in addition to a password. Twitter allows 2FA by text message, authentication app and a security key.

The company believes phone-number-based 2FA is being abused by “bad actors”, according to a Wednesday blog post that the company’s tweet linked to.

Twitter owner Elon Musk tweeted “Yup” in reply to a user tweet that the company was changing policy “because Telcos Used Bot Accounts to Pump 2FA SMS”, and that the company was losing $60 million a year “on scam SMS”.

The blue check mark, previously free for verified accounts of politicians, famous personalities, journalists and other public figures, is now open to anyone prepared to pay.

Last month, Twitter said it would price Twitter Blue subscription for Android at $11 per month, the same as for iOS subscribers.