An update on two-factor authentication using SMS on Twitter

@film_girl The bit about how this is because SMS TFA is bad just gets entirely undermined by the part where it's still available to Blue users. Like... zero internal consistency at all.
@cgranade @film_girl I’d actually respect this move if they just dumped SMS 2FA entirely.
@mattstocum @cgranade I almost would too. The reason I would hesitate is that Twitter has hundreds of millions of users and it seems unfair to make everyone who uses SMS less secure just because it isn’t as secure as TOTP. In any event, you need to give people longer than 30 days to migrate to the new method.
@film_girl yeah, like most things where security is involved, it’s complicated, has a series of trade-offs, and needs intelligent people to think about the ramifications of what they’re doing. Which, of course, is why Elon is doing this in the absolute dumbest way possible. I’m sure the only factor behind his decision is cutting down on SMS fees, and the security bit is just something someone threw in the blog post without his knowledge.
@mattstocum or that they wanted to do to save face. Even though it makes the overall messaging completely muddled.