I'm a big fan of using more secure two-factor authentication ... • Aaron Parecki

I'm a big fan of using more secure two-factor authentication methods like a security key or TouchID, but I will admit I never expected charging people to use SMS would be a viable strategy to get them off it 😅 https://blog.twitter.com/en_us/topics/product/2023/an-update-on-two-factor-authentication-using-sms-on-twitter

Portland, Oregon, USA • 43°F

Fri, Feb 17, 2023 9:26pm -08:00 #security #2fa #mfa #twitter

46 likes 6 reposts 12 replies
Have you written a response to this? Let me know the URL:
- PhotoJoseph twitter.com/photojoseph
  
  Apparently there’s a good reason for it… twitter.com/elonmusk/statu…
  
  Sat, Feb 18, 2023 6:08pm +00:00 (via brid.gy)
- Aaron Parecki twitter.com/aaronpk
  
  Exactly haha! SMS costs money to send those codes, and is less secure, so let's push people away from it!
  
  Sat, Feb 18, 2023 2:33pm +00:00 (via brid.gy)
- Brandon Trebitowski brandontreb.com
  
  We encourage non-Twitter Blue subscribers to consider using an authentication app or security key method instead. These methods require you to have physical possession of the authentication method and are a great way to ensure your account is secure.
  
  Does this mean that they are still supporting TOTP and others for non Twitter Blue subscribers?
  
  If so, that’s still a weird choice (to ditch SMS and keep others) as those are much more technical methods of auth than SMS. I would imagine most of their user base would have no idea how to set up apps like Authy or Google Authenticator.
  
  Such an odd move.
  
  Sat, Feb 18, 2023 6:29am -08:00
- Scott Stewart twitter.com/scott_stewart
  
  I had the same initial “I can’t believe they are going to charge to be secure” knee jerk reaction as most of Twitter is having, but once you stop to think about what they are doing it’s ironically a better precedent to start pushing!
  
  Sat, Feb 18, 2023 1:49pm +00:00 (via brid.gy)
- David Pellerin mstdn.ca/users/pellerin
  
  @aaronpk wtf??? Can t be true.! 😲🤦‍♂️
  
  Sat, Feb 18, 2023 1:50am -08:00
- 💉💉💉💉 Sean Houlihane 🕷️🔶 mastodon.ie/users/tsh2
  
  @aaronpk but the blog post says it's for security - only you can pay to keep using the insecure method...
  
  Sat, Feb 18, 2023 1:26am -08:00
- Blake Jackson twitter.com/Blaketastic2
  
  While I appreciate their attempt at informing users of the risk associated with SMS 2FA, let’s be real, this is purely about the money. SMS is expensive for them. But why offer a less secure experience to your more valuable users?
  
  Sat, Feb 18, 2023 9:11am +00:00 (via brid.gy)
- Margaret c.im/users/margarance
  
  @aaronpk @druid
  One can only hope that this finally persuades people just how unsafe an environment Twitter is under Musk. I’ve used 2fa since that period during the EURef campaign when hacking attempts became routine. My account is still there, unused - but this will end it.
  
  Sat, Feb 18, 2023 12:34am -08:00
- Šime twitter.com/simevidas
  
  Don’t worry Elon-Twitter will find a way to screw this up. People will be locked out of their accounts for hours because of bugs.
  
  Sat, Feb 18, 2023 8:24am +00:00 (via brid.gy)
- Etienne Koekemoer twitter.com/EtienneK
  
  I must admit, it’s not a terrible idea
  
  Sat, Feb 18, 2023 7:09am +00:00 (via brid.gy)
- cthos mastodon.cthos.dev/users/cthos
  
  @aaronpk right?!
  
  Fri, Feb 17, 2023 11:02pm -08:00
- Darren sfba.social/users/dplattsf
  
  @aaronpk you can imagine a whole series of security “upsells” here. For $13/month you can use 6 character passwords. At our platinum paid security level of $16.99/month, consecutive characters are permitted, common keyboard patterns and even password123 #twitter #infosec
  
  Fri, Feb 17, 2023 11:01pm -08:00

Posted in /notes using quill.p3k.io