An update on two-factor authentication using SMS on Twitter

@film_girl The bit about how this is because SMS TFA is bad just gets entirely undermined by the part where it's still available to Blue users. Like... zero internal consistency at all.
@cgranade @film_girl I’d actually respect this move if they just dumped SMS 2FA entirely.
@mattstocum @cgranade I almost would too. The reason I would hesitate is that Twitter has hundreds of millions of users and it seems unfair to make everyone who uses SMS less secure just because it isn’t as secure as TOTP. In any event, you need to give people longer than 30 days to migrate to the new method.
@film_girl yeah, like most things where security is involved, it’s complicated, has a series of trade-offs, and needs intelligent people to think about the ramifications of what they’re doing. Which, of course, is why Elon is doing this in the absolute dumbest way possible. I’m sure the only factor behind his decision is cutting down on SMS fees, and the security bit is just something someone threw in the blog post without his knowledge.
@mattstocum @film_girl Ironic since Twitter started out by only being available over SMS
@blake @mattstocum @film_girl also if I remember right it was impossible to switch off SMS without fully disabling 2FA until fairly recently. Though that was fixed pre-Musk I think.
@therefromhere @blake @mattstocum yeah, I’m pretty sure that was true. Tho I heard that employees who were laid off in November had to reenable SMS so they could have their accounts disconnected from corporate the right way and THEN they could swap to TOTP.