SMS Restrictions

Due to the prevalence of SMS fraud we're now restricting SMS-based 2FA to members of Pro account teams.

When a verification code is sent to a phone number, we pay a fee to our service provider (Twilio). Tying this to a paying customer creates a chain of accountability that reduces the incentive for abuse.

This restriction only applies to new verifications.

Existing numbers

If you already have a verified phone number on your account, it will continue to work as your 2FA method. You'll also be able to regenerate recovery codes.

If your existing number is unverified you won't be able to resend a new verification code. This is treated as a new number, because fraudsters continue to request verification codes that never complete.

Free plan users

If you're on the free plan and have a genuine need for SMS 2FA, contact us and we'll review your request. We're happy to whitelist accounts where the requirement is valid.

Alternatively, TOTP 2FA (via an authenticator app) is available to all users at no cost and is not affected by this change.

Rate limiting

Rate limiting for verifying phone numbers remains in place. This guards against scenarios where a bad actor is invited (deliberately, or otherwise) to join a paid account team, or is happy to pay a small price for what they think is unlimited SMS sending.