Submitted by StevenSanders90210 t3_1258g9f in news
adreamofhodor t1_je5gvl6 wrote
Reply to comment by kindrudekid in US opens investigation into Tesla seat belts coming loose by StevenSanders90210
So Twitter took away a service they offered? Sounds like a bad deal to me.
kindrudekid t1_je5nx1s wrote
No they still offer the 2FA service.
Previously they offered it via SMS, TOTP based Authenticator Apps (Google Authenticator, Duo Security, Authy etc) and Security Keys (Yubikey)
SMS based 2FA is weak and been vulnerable for almost a decade now. NIST sent out an official notice back in 2016. Google and Apple phased it out completely too.
So Twitter just disabled the shitter, weaker, more vulnerable SMS based 2FA is not available. Not only is it bad from a InfoSec perspective, it is also a line item in capital expenses from a business perspective.
I do agree that the phrasing from twitter was shitty and instead of asking users to fork over money, they could have guided them to the alternatives.
Viewing a single comment thread. View all comments