This is one of the dumbest and most dangerous security decisions I have ever seen.
YOU DO NOT MONETIZE ACCOUNT SECURITY.
Other methods still work, but it doesn't go out of its way to help users set them up either.
YOU DO NOT MONETIZE ACCOUNT SECURITY.
Other methods still work, but it doesn't go out of its way to help users set them up either.
If you decide to make a (dumb) sweeping change like this, you have to HANDHOLD your users through it. Every step of the way. Sometimes with pictures and video.
That's how crucial something like account security is, and why monetizing it is asking for a mountain of shit.
That's how crucial something like account security is, and why monetizing it is asking for a mountain of shit.
If you tell people to just shut off their authentication, some of them are going to be scared. Some will misunderstand. Some won't turn it back on at all.
And that's how you end up with major breaches and cyberattacks.
Musk is a fucking imbecile.
And that's how you end up with major breaches and cyberattacks.
Musk is a fucking imbecile.
What's even funnier here is that SMS authentication has always been the "good enough" option. It can be cracked, usually through social engineering employees at a wireless provider.
An authentication app - the FREE option now - is actually the more secure one.
An authentication app - the FREE option now - is actually the more secure one.
But on the other hand, SMS authentication was *something.* It was something users understood: phone number = security. It was functional, and in many cases it was the option people would default to.
Making it a "premium" option is going to bite Elon in his stupid ass.
Making it a "premium" option is going to bite Elon in his stupid ass.
1) Thanks for illustrating my point, and
2) Google Authenticator or Authy are decent options.
2) Google Authenticator or Authy are decent options.
https://twitter.com/Ammy_Okami/status/1626879236152893442
OH BUT THIS GETS DUMBER.
I wasn't *using* text authentication, yet it still sent me through the process of turning it off.
And that wiped my 2FA preferences, meaning I had to set up my autheticator app from scratch.
IMAGINE IF SOMEONE MISSES THAT STEP.
I wasn't *using* text authentication, yet it still sent me through the process of turning it off.
And that wiped my 2FA preferences, meaning I had to set up my autheticator app from scratch.
IMAGINE IF SOMEONE MISSES THAT STEP.
And at no point does the "you must turn off your authentication" message stress the absolute importance of having two factor authentication on your account.
If you didn't know any better it would sound optional, like a luxury feature.
If you didn't know any better it would sound optional, like a luxury feature.
Why is this happening? Why is the less-secure but easier authentication method becoming a Twitter Blue "feature?"
If I had to guess?
Sending SMS texts costs money.
Not a lot. Not for most people. But at scale? Millions of texts? Yup.
I promise you this is cost-cutting.
If I had to guess?
Sending SMS texts costs money.
Not a lot. Not for most people. But at scale? Millions of texts? Yup.
I promise you this is cost-cutting.
Considering less than a quarter of a million Twitter users actually subscribed to Twitter Blue, that means they won't have to send nearly as many texts AND they can act like they're adding a value feature to Twitter Blue while they actually erode their own security.
So to recap:
1) Doesn't walk users through crucial security
2) Actually shuts off existing non-SMS security if you follow the steps and don't turn it back on
3) Makes Twitter overall a less secure website.
All to save a few bucks.
This company is so fucked.
1) Doesn't walk users through crucial security
2) Actually shuts off existing non-SMS security if you follow the steps and don't turn it back on
3) Makes Twitter overall a less secure website.
All to save a few bucks.
This company is so fucked.
I would be begging you all to set up authenticator apps and even going through the steps myself to show you how ...
But what's the point?
This is not a good sign. This is a sign of a struggling company.
And more, I'm not going to do their fucking job for them.
But what's the point?
This is not a good sign. This is a sign of a struggling company.
And more, I'm not going to do their fucking job for them.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
