Twitter 2FA now a paid feature??

Forums › Social networks, social media and tools › Twitter 2FA now a paid feature??

geoffwnz

1587 posts

Uber Geek

ID Verified

#303565 19-Feb-2023 14:12

Anyone else noticed or been "warned" that if they don't either disable 2FA or purchase "Twitter Blue" they cannot have Twitter text 2FA?

Seems a bit of a great way to kill the app by forcing people to buy basic security.

MotorDrive Rallying

sdavisnz

1015 posts

Uber Geek

Trusted

#3039025 19-Feb-2023 14:14

Hes only paywalling 2fa over SMS, you are free to use other types of 2fa that does cost twitter alot of money like sms.

Voice gives context

geoffwnz

1587 posts

Uber Geek

ID Verified

#3039026 19-Feb-2023 14:16

sdavisnz:

Hes only paywalling 2fa over SMS, you are free to use other types of 2fa that does cost twitter alot of money like sms.

Yep, further digging into the security settings I managed to discover this just now. Certainly was not clear from the "warning" which I feel was carefully worded to point people towards paying rather than switching to a different 2FA method.

MotorDrive Rallying

boosacnoodle

963 posts

Ultimate Geek

#3039080 19-Feb-2023 17:46

SMS typically costs money to send, or receive (as the case may be in USA). So I’d just put it down to Elon cost cutting.

Lias

5589 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#3039136 19-Feb-2023 21:34

Never mind that SMS 2FA is widely considered insecure and should be banned.

I'm a geek, a gamer, a dad, a Quic user, and an IT Professional. I have a full rack home lab, size 15 feet, an epic beard and Asperger's. I'm a bit of a Cypherpunk, who believes information wants to be free and the Net interprets censorship as damage and routes around it. If you use my Quic signup you can also use the code R570394EKGIZ8 for free setup.

michaelmurfy

meow
13240 posts

Uber Geek

Moderator

ID Verified

Trusted

Lifetime subscriber

#3039139 19-Feb-2023 21:48

Lias:

Never mind that SMS 2FA is widely considered insecure and should be banned.

While I agree with you it is also a double edged sword.

Lets say somebody on Twitter has the password "Password1!" which has been seen by Pwned Passwords 7960 times before and is often the 2nd or 3rd password tried on any password list an attacker still wouldn't be able to access a users account due to a 2FA method enabled.

Now, if that same user didn't have SMS based 2FA enabled? The attacker will be straight in.

SMS based 2FA while insecure and unreliable is still seen as a "better than nothing" method. Sure, there are potential ways around it but for a standard script kiddie brute-forcing somebody with commonly used passwords it has already protected the account from compromise.

Now, considering the message is not actually that clear in what to do next (apart from paying them) and doesn't even suggest diving into your settings to enable app-based 2FA my worry is it is suddenly going to open up a bunch of accounts all because Elon wants to cut costs. People don't know about alternative methods and I've already had to teach 4 people how to use Microsoft Authenticator as it is an easy to explain app.

This is why SMS based 2FA still has its place. Most people don't know better but are slowly adapting. This is also why banks still use it also (along with other methods like banking app push notifications).

Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.