We encourage non-Twitter Blue subscribers to consider using an authentication app or security key method instead. These methods require you to have physical possession of the authentication method and are a great way to ensure your account is secure.

Does this mean that they are still supporting TOTP and others for non Twitter Blue subscribers?

If so, that’s still a weird choice (to ditch SMS and keep others) as those are much more technical methods of auth than SMS. I would imagine most of their user base would have no idea how to set up apps like Authy or Google Authenticator.

Such an odd move.