Submitted by StevenSanders90210 t3_1258g9f in news
kindrudekid t1_je3ihy4 wrote
Reply to comment by jd52995 in US opens investigation into Tesla seat belts coming loose by StevenSanders90210
You can still use 2FA, just not via SMS.
TOTP, YubiKey, etc. are still free.
Edit: those downvoting me, as I say in my job, RTFM or in this case the entire email/page about this notice.
You can still use authenticator apps and/or security keys for free. Here's how to do it: https://www.theverge.com/23606430/how-to-secure-twitter-account-2fa-without-blue
adreamofhodor t1_je5gvl6 wrote
So Twitter took away a service they offered? Sounds like a bad deal to me.
kindrudekid t1_je5nx1s wrote
No, they still offer the 2FA service.
Previously they offered it via SMS, TOTP-based authenticator apps (Google Authenticator, Duo Security, Authy, etc.) and security keys (YubiKey).
SMS-based 2FA is weak and has been vulnerable for almost a decade now. NIST sent out an official notice back in 2016. Google and Apple phased it out completely too.
So Twitter just disabled the shittier, weaker, more vulnerable SMS-based 2FA. Not only is it bad from an InfoSec perspective, it is also a line item in capital expenses from a business perspective.
I do agree that the phrasing from Twitter was shitty and instead of asking users to fork over money, they could have guided them to the alternatives.
skoomski t1_je56vxn wrote
SMS MFA is not ideal as the text can be intercepted. Not sure why you are being downvoted.
https://www.techrepublic.com/article/top-5-reasons-not-to-use-sms-for-multi-factor-authentication/
kindrudekid t1_je5cpj8 wrote
And here's how to enable 2FA on Twitter without paying for Blue: https://www.theverge.com/23606430/how-to-secure-twitter-account-2fa-without-blue