X’s move to make people pay for a basic form of two-factor is problematic. It also created confusion because the company prompted free users to switch away from SMS two-factor, but then seemingly simply turned off the protection altogether for those who didn’t. This likely left a group of users in a situation where they think they have two-factor authentication on, but actually don’t.
I have no idea if sms (ew) is an option, or if it is paid limited, but yeah I’ve had TOTP for years on my account and it’s still working fine, no financial transactions made, so…