@Kalanthropos you can still use a 2FA app but this is trying to crack down on the alleged scam where mobile service providers are registering fake accounts to send SMS requests and con Twitter out of money, which is totally fake

@BackwardsFeet @Kalanthropos yeah it’s worth saying explicitly that the better move would be banning text message 2FA altogether, the weird thing here is allowing it for twitter blue

@BackwardsFeet @Kalanthropos text-based 2FA has been understood to be a bad idea for a long time, it just always takes the industry a long time to catch up. i hope we start the move to passkeys soon.

@UhActually @Kalanthropos unfortunately it's by far the most accessible, most normies don't want an app (cf. Above) and no way are YubiKeys gonna become widespread. Most people are simply willing to take the risk.

@BackwardsFeet @UhActually @Kalanthropos It is insane banks don’t support Yubikey but Twitter does

@kagger @UhActually @Kalanthropos a lot more tech nerds in the higher up positions at Twitter - banking execs are probably wary of anything new that they think could somehow increase liability.

@BackwardsFeet @kagger @UhActually @Kalanthropos banks are also subject to a lot more scrutiny from regulators where even if they introduced no liability the regulators might signal that changing authentication is “risky”

@zetazero @BackwardsFeet @UhActually @Kalanthropos gotta pass that PCI compliance audit