What kind of mickey mouse bs...Elon should be ashamed of this. "yeah actual security is only for paying subscribers"
@Kalanthropos you can still use a 2FA app but this is trying to crack down on the alleged scam where mobile service providers are registering fake accounts to send SMS requests and con Twitter out of money, which is totally fake
@BackwardsFeet @Kalanthropos yeah it’s worth saying explicitly that the better move would be banning text message 2FA altogether, the weird thing here is allowing it for twitter blue
@BackwardsFeet @Kalanthropos text-based 2FA has been understood to be a bad idea for a long time, it just always takes the industry a long time to catch up. i hope we start the move to passkeys soon.
@UhActually @Kalanthropos unfortunately it's by far the most accessible, most normies don't want an app (cf. above) and no way are YubiKeys gonna become widespread. Most people are simply willing to take the risk.
@BackwardsFeet @UhActually honestly I can only imagine content would have improved if my Twitter got hacked
@BackwardsFeet @UhActually @Kalanthropos It is insane banks don’t support Yubikey but Twitter does
@kagger @UhActually @Kalanthropos a lot more tech nerds in the higher up positions at Twitter - banking execs are probably wary of anything new that they think could somehow increase liability.
@BackwardsFeet @kagger @UhActually @Kalanthropos banks are also subject to a lot more scrutiny from regulators where even if they introduced no liability the regulators might signal that changing authentication is “risky”
@zetazero @BackwardsFeet @kagger @UhActually the most humorous 2fa to me is steam. Oh no, someone might hack my account and enjoy my video games for free. What a terrible thing that would be

@Kalanthropos @zetazero @BackwardsFeet @UhActually well I mean they could get you VAC banned, sell your rare items, or buy themselves games with a saved CC.

I once got my brother banned from a Desert Combat server for accidentally TKing

@zetazero @BackwardsFeet @UhActually @Kalanthropos gotta pass that PCI compliance audit
@kagger @BackwardsFeet @UhActually @Kalanthropos changes mean audits and audits are expensive and bankers are going to ask why we spent money to fix something that worked
@UhActually @BackwardsFeet email authentication seems super weak as well, yet that seems even more ubiquitous than SMS
@Kalanthropos @BackwardsFeet email is better I would think actually. the basic problem with SMS 2FA is that it’s relatively easy to hijack someone’s number and then receive their 2F codes. National Institute of Science and Technology advised against it for this reason.
@Kalanthropos @BackwardsFeet the tech companies have come up with a technology called “passkeys” that is designed to eliminate the need for both two factor and passwords — the way it works behind the scenes is pretty advanced but the experience is dead simple, you just do a face/touch ID or enter your computer/phone’s password and voila. but nobody feels like implementing it so far.
@UhActually @Kalanthropos all of this 2fa talk is going to make me actually finally sit down and make sure I have the backup codes for all of my accounts somewhere. I have the main accounts' codes scattered in various places, but I should make sure I have everything in a place where I know to find them.
@BackwardsFeet @UhActually @Kalanthropos I got locked out of an old Slack account because I lost the backup codes. It's a good thing to do.
@UhActually @Kalanthropos @BackwardsFeet my password manager has a 2FA tool, so I can use it for password storage and authentication of a single login, but that feels like all my eggs in one basket
@OptimeTheophile @UhActually @Kalanthropos @BackwardsFeet I do something similar, and I always thought it was funny that it kind of defeats the purpose. 😅
@OptimeTheophile Yeah I use that too. I think it makes sense inasmuch as the main point of 2FA is to prove identity with something besides a password since so many passwords are so weak.