Aaron Parecki

  • Aaron Parecki
    I'm a big fan of using more secure two-factor authentication methods like a security key or TouchID, but I will admit I never expected charging people to use SMS would be a viable strategy to get them off it 😅 https://blog.twitter.com/en_us/topics/product/2023/an-update-on-two-factor-authentication-using-sms-on-twitter
    Portland, Oregon, USA • 43°F
    #security #2fa #mfa #twitter
    Fri, Feb 17, 2023 9:26pm -08:00
    46 likes 6 reposts 12 replies
    • PhotoJoseph twitter.com/photojoseph
      Apparently there’s a good reason for it… twitter.com/elonmusk/statu…
      Sat, Feb 18, 2023 6:08pm +00:00 (via brid.gy)
    • Aaron Parecki twitter.com/aaronpk
      Exactly haha! SMS costs money to send those codes, and is less secure, so let's push people away from it!
      Sat, Feb 18, 2023 2:33pm +00:00 (via brid.gy)
    • Brandon Trebitowski brandontreb.com

      We encourage non-Twitter Blue subscribers to consider using an authentication app or security key method instead. These methods require you to have physical possession of the authentication method and are a great way to ensure your account is secure.

      Does this mean that they are still supporting TOTP and others for non Twitter Blue subscribers?

      If so, that’s still a weird choice (to ditch SMS and keep others) as those are much more technical methods of auth than SMS. I would imagine most of their user base would have no idea how to set up apps like Authy or Google Authenticator.

      Such an odd move.

      Sat, Feb 18, 2023 6:29am -08:00
    • Scott Stewart twitter.com/scott_stewart
      I had the same initial “I can’t believe they are going to charge to be secure” knee jerk reaction as most of Twitter is having, but once you stop to think about what they are doing it’s ironically a better precedent to start pushing!
      Sat, Feb 18, 2023 1:49pm +00:00 (via brid.gy)
    • David Pellerin mstdn.ca/users/pellerin

      @aaronpk wtf??? Can't be true! 😲🤦‍♂️

      Sat, Feb 18, 2023 1:50am -08:00
    • 💉💉💉💉 Sean Houlihane 🕷️🔶 mastodon.ie/users/tsh2

      @aaronpk but the blog post says it's for security - only you can pay to keep using the insecure method...

      Sat, Feb 18, 2023 1:26am -08:00
    • Blake Jackson twitter.com/Blaketastic2
      While I appreciate their attempt at informing users of the risk associated with SMS 2FA, let’s be real, this is purely about the money. SMS is expensive for them. But why offer a less secure experience to your more valuable users?
      Sat, Feb 18, 2023 9:11am +00:00 (via brid.gy)
    • Margaret c.im/users/margarance

      @aaronpk @druid

      One can only hope that this finally persuades people just how unsafe an environment Twitter is under Musk. I’ve used 2fa since that period during the EURef campaign when hacking attempts became routine. My account is still there, unused - but this will end it.

      Sat, Feb 18, 2023 12:34am -08:00
    • Šime twitter.com/simevidas
      Don’t worry Elon-Twitter will find a way to screw this up. People will be locked out of their accounts for hours because of bugs.
      Sat, Feb 18, 2023 8:24am +00:00 (via brid.gy)
    • Etienne Koekemoer twitter.com/EtienneK
      I must admit, it’s not a terrible idea
      Sat, Feb 18, 2023 7:09am +00:00 (via brid.gy)
    • cthos mastodon.cthos.dev/users/cthos

      @aaronpk right?!

      Fri, Feb 17, 2023 11:02pm -08:00
    • Darren sfba.social/users/dplattsf

      @aaronpk you can imagine a whole series of security “upsells” here. For $13/month you can use 6 character passwords. At our platinum paid security level of $16.99/month, consecutive characters are permitted, common keyboard patterns and even password123 #twitter #infosec

      Fri, Feb 17, 2023 11:01pm -08:00
Posted in /notes using quill.p3k.io

Hi, I'm Aaron Parecki, Senior Security Architect at Okta, and co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and participate in the OAuth Working Group at the IETF. I also help people learn about video production and livestreaming and dabble in product design.

I've been tracking my location since 2008 and I wrote 100 songs in 100 days. I've spoken at conferences around the world about owning your data, OAuth, quantified self, and explained why R is a vowel.

© 1999-2023 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.