kindrudekid
kindrudekid t1_je5cpj8 wrote
Reply to comment by skoomski in US opens investigation into Tesla seat belts coming loose by StevenSanders90210
And here how to enable 2FA on twitter without paying for blue: https://www.theverge.com/23606430/how-to-secure-twitter-account-2fa-without-blue
kindrudekid t1_je3ihy4 wrote
Reply to comment by jd52995 in US opens investigation into Tesla seat belts coming loose by StevenSanders90210
You can still use 2FA, just not via sms.
TOTP, yubikey etc are still free.
Edit: those down voting me, as I say in my job, RTFM or in this case the entire email/page about this notice.
You can still use authenticator apps and/or security keys for free. Here's how to do it: https://www.theverge.com/23606430/how-to-secure-twitter-account-2fa-without-blue
kindrudekid t1_je5nx1s wrote
Reply to comment by adreamofhodor in US opens investigation into Tesla seat belts coming loose by StevenSanders90210
No they still offer the 2FA service.
Previously they offered it via SMS, TOTP based Authenticator Apps (Google Authenticator, Duo Security, Authy etc) and Security Keys (Yubikey)
SMS based 2FA is weak and been vulnerable for almost a decade now. NIST sent out an official notice back in 2016. Google and Apple phased it out completely too.
So Twitter just disabled the shitter, weaker, more vulnerable SMS based 2FA is not available. Not only is it bad from a InfoSec perspective, it is also a line item in capital expenses from a business perspective.
I do agree that the phrasing from twitter was shitty and instead of asking users to fork over money, they could have guided them to the alternatives.