This is one of the dumbest and most dangerous security decisions I have ever seen.
YOU DO NOT MONETIZE ACCOUNT SECURITY.
Other methods still work, but it doesn't go out of its way to help users set them up either.
If you decide to make a (dumb) sweeping change like this, you have to HANDHOLD your users through it. Every step of the way. Sometimes with pictures and video.
That's how crucial something like account security is, and why monetizing it is asking for a mountain of shit.
If you tell people to just shut off their authentication, some of them are going to be scared. Some will misunderstand. Some won't turn it back on at all.
And that's how you end up with major breaches and cyberattacks.
Musk is a fucking imbecile.
What's even funnier here is that SMS authentication has always been the "good enough" option. It can be cracked, usually through social engineering employees at a wireless provider.
An authentication app - the FREE option now - is actually the more secure one.
But on the other hand, SMS authentication was *something.* It was something users understood: phone number = security. It was functional, and in many cases it was the option people would default to.
Making it a "premium" option is going to bite Elon in his stupid ass.
1) Thanks for illustrating my point, and 2) Google Authenticator or Authy are decent options.
I wasn't *using* text authentication, yet it still sent me through the process of turning it off.
And that wiped my 2FA preferences, meaning I had to set up my autheticator app from scratch.
IMAGINE IF SOMEONE MISSES THAT STEP.
And at no point does the "you must turn off your authentication" message stress the absolute importance of having two factor authentication on your account.
If you didn't know any better it would sound optional, like a luxury feature.
Why is this happening? Why is the less-secure but easier authentication method becoming a Twitter Blue "feature?"
If I had to guess?
Sending SMS texts costs money.
Not a lot. Not for most people. But at scale? Millions of texts? Yup.
I promise you this is cost-cutting.
Considering less than a quarter of a million Twitter users actually subscribed to Twitter Blue, that means they won't have to send nearly as many texts AND they can act like they're adding a value feature to Twitter Blue while they actually erode their own security.
So to recap:
1) Doesn't walk users through crucial security 2) Actually shuts off existing non-SMS security if you follow the steps and don't turn it back on 3) Makes Twitter overall a less secure website.
All to save a few bucks.
This company is so fucked.
I would be begging you all to set up authenticator apps and even going through the steps myself to show you how ...
But what's the point?
This is not a good sign. This is a sign of a struggling company.
And more, I'm not going to do their fucking job for them.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
Removing SMS authentication just because you won't take action to weed out the bots is like leaving rotting garbage all over your house, refusing to clean it up and then refusing to pay for an exterminator.
I promise you: if the bots were able to easily spoof phone numbers for SMS, they will find a way to work with an authenticator.
Then we'll still have to deal with the bots and a large number of accounts will be insecure, but Musk will have saved a rounding error on interest.
I'm worried she's proper stuck, but Sarah's telling me it's a better idea for right now just to turn out the lights, leave the porch door open and see if she just leaves on her own.
The best part about the Twitter Blue debacle is it's a meme: only rubes pay for Twitter, and it's often a correct assessment.
I know some of my mutuals use Twitter Blue, and I'm telling you: bail before they shut off "legacy" Verified checks, or you're going to get blocked A LOT
Right now most people can't tell at a glance who's using Twitter Blue and who's an actual notable person on the platform.
But when they do away with checkmarks for notable people, it's going to be really crystal clear who's paying for Twitter and most folks will block on sight.
Actually that's not true: most folks are going to have their feeds crowded with scammers, crypto-hacks, right wing cranks, ads for terrible products and online creatives who are under the mistaken impression Blue will help their visibility.