Twitter to charge $8 a month for SMS two-factor authentication, and 75% of users are at risk

Just_Me_D

Ambassador Team Leader, Senior Moderator
Moderator
Jan 8, 2012
59,992
717
113
Visit site
Nothing to report here. Unless you’re a Twitter Blue subscriber, nothing has changed.
 

EdwinG

Ambassador
Mar 10, 2012
4,230
719
113
Visit site
Nothing to report here. Unless you’re a Twitter Blue subscriber, nothing has changed.

I’m kind of confused on the statement. I would argue that it’s IF you’re a Twitter Blue subscriber that nothing changed.

Above notwithstanding, SMS 2FA is poor, security-wise, so no big loss there.
 

Up_And_Away

Well-known member
Aug 27, 2021
1,215
49
48
Visit site
I don’t use Twitter, FB etc. No offense intended to anyone but IMHO it’s an impulse baiting-thought killing echo chamber toxifying society.
Be that as it may, maybe I don’t get the issue on this item. In 2023 there is an MFA that does not include the option of cell phone text code?
 

Up_And_Away

Well-known member
Aug 27, 2021
1,215
49
48
Visit site
I’m kind of confused on the statement. I would argue that it’s IF you’re a Twitter Blue subscriber that nothing changed.

Above notwithstanding, SMS 2FA is poor, security-wise, so no big loss there.

No offense intended Ed but that’s just not true. SMS text option for 2FA is not “poor” security wise. It isn’t an authenticator app but it’s many country miles from poor. We have been using it frequently as part of 2FA (when SSO isn’t applicable) it nearly wiped out users getting their accounts logged into by nefarious sources.
 

EdwinG

Ambassador
Mar 10, 2012
4,230
719
113
Visit site
No offense intended Ed but that’s just not true. SMS text option for 2FA is not “poor” security wise. It isn’t an authenticator app but it’s many country miles from poor. We have been using it frequently as part of 2FA (when SSO isn’t applicable) it nearly wiped out users getting their accounts logged into by nefarious sources.

It is better than none, on that I agree.

However, allow me to share this report by the USA’s NIST: https://pages.nist.gov/mobile-threat-catalogue/authentication-threats/AUT-0.html

In particular, the “Mobile Device User” paragraph (emphasis mine):
To mitigate an attacker’s ability to achieve authentication using a stolen credential, when possible, configure services to use multi-factor authentication. Ideally, the additional factor should be provided by a separate device than the one being used to perform primary authentication (e.g., laptop and mobile app). Further, avoid the use of SMS messages for 2FA codes, as SMS messages can be readily intercepted.
 

Trending Posts

Members online

Forum statistics

Threads
261,066
Messages
1,769,404
Members
441,285
Latest member
krisgraver