Perplexity AI forces phone-based 2FA for Pro subscribers, locking accounts and sparking backlash

⚡ Quick Take

Perplexity AI, the popular conversational search engine, has sparked user backlash by mandating phone number-based two-factor authentication (2FA) for its paying Pro subscribers, abruptly locking many out of their accounts. The move signals a critical inflection point for AI services, forcing a trade-off between flexible, high-tier security and platform control over user identity and abuse.

Summary

Perplexity AI rolled out this mandatory policy shift, insisting that Pro subscribers hand over a phone number for SMS-based 2FA. It's overwritten or straight-up disabled the authentication setups plenty of folks had in place already - leading to a flood of reports about locked accounts and real frustration from those who've been paying good money for uninterrupted access.

What happened

Have you ever logged in expecting everything to work just fine, only to hit an unexpected wall? That's exactly what hit Perplexity Pro users, with little heads-up beforehand. They got slapped with a non-negotiable prompt demanding a phone number for verification. If you couldn't or wouldn't provide it - say, due to spotty SMS service in your area - suddenly you're out in the cold, cut off from the service you've subscribed to and even stuck when it comes to handling your own billing.

Why it matters now

From what I've seen in similar tech shifts, these kinds of abrupt changes can really shake things up. Here, Perplexity's pivot from solid app-based options (think TOTP) to the much-maligned SMS 2FA feels like a step in the wrong direction for user security overall. It highlights a bigger tug-of-war in the AI world: how do you keep things secure and easy without the platform clamping down too hard on identity and misuse?

Who is most affected

The paying Pro subscribers bear the brunt, particularly those who've gone out of their way to steer clear of SMS 2FA because of risks like SIM-swapping. And don't forget users in spots where SMS just doesn't deliver reliably, or anyone holding out for privacy reasons - they're all feeling the pinch directly.

The under-reported angle

Look, this goes beyond a botched update; it's a calculated play to put control first. By locking in phone numbers, Perplexity gets a straightforward way to verify identities (a bit like basic KYC) and tackle the account-sharing that's quietly eating into their subscription bucks. Those lockouts? They're just the messy side effect of reining in the user base a little tighter.

🧠 Deep Dive

Ever wonder why a cutting-edge AI tool would push users toward an older, riskier way to log in? Perplexity's push for phone-based SMS verification has left its community buzzing with confusion - and yeah, a fair bit of annoyance. For a platform aimed at sharp, tech-forward folks, it's especially off-putting, nudging people away from stronger setups like TOTP apps (Google Authenticator or Authy come to mind) toward something prone to SIM-swaps or straight-up interception. User threads are full of stories painting this as a user-unfriendly overhaul that's thrown paid accounts into disarray.

At the heart, it's all about that tricky security swap. Sure, adding any 2FA beats going without - but experts have long flagged SMS as the soft spot in the chain. By making it the must-have, Perplexity's cooked up what's essentially a security paradox: they're ramping up protection on paper, yet dialing it back for those who'd already chosen better, non-SMS routes. That flies in the face of where the industry seems headed, toward tougher stuff like passkeys or hardware keys.

But here's the thing - why would an innovative AI outfit go this route? I've pondered that, and it probably ties more to safeguarding the business than polishing user defenses. A phone number's like a unique tag linked to real life, perfect for shutting down abuse before it starts. This mandate arms Perplexity against two big headaches: folks passing accounts around without paying, and bots hoovering up queries from the Pro APIs for search and summaries. Call it low-key KYC - it hikes the hurdles for freeloaders and ties each sub to a real, checkable person.

This puts Perplexity right at a fork in the road, offering a real-world lesson for the whole AI-service scene. While outfits like OpenAI or Anthropic keep 2FA choices open, Perplexity's no-compromise approach shows they're prioritizing abuse curbs and weeding out duplicates over top-shelf security picks. The fallout - all that user pushback - will be telling; it'll gauge if people will swap some control over their security (and data) for those premium AI perks.

📊 Stakeholders & Impact

✍️ About the analysis

Drawing from initial user chatter and a close look at standard auth security practices, this piece is geared toward product heads, security pros, and AI CTOs - folks who need to unpack the give-and-take between smooth experiences, solid defenses, and stopping platform abuse.

🔭 i10x Perspective

Perplexity's phone requirement isn't just a hassle at login; it's a clear signpost for where AI's boom is heading next. As the bills for those heavy-duty models stack up, expect platforms to shift from wild growth tactics to fiercely guarding what's theirs. This dust-up lays bare the core friction in AI services: clamping down on identities to plug revenue gaps will inevitably rub against what users want in terms of privacy and peak security.

The big open question lingers - who gives ground first, and what does that mean for building trust in the smart systems coming down the line?