@Kalanthropos you can still use a 2FA app but this is trying to crack down on the alleged scam where mobile service providers are registering fake accounts to send SMS requests and con Twitter out of money, which is totally fake

@BackwardsFeet @Kalanthropos yeah it’s worth saying explicitly that the better move would be banning text message 2FA altogether, the weird thing here is allowing it for twitter blue

@BackwardsFeet @Kalanthropos text-based 2FA has been understood to be a bad idea for a long time, it just always takes the industry a long time to catch up. i hope we start the move to passkeys soon.

@UhActually @BackwardsFeet email authentication seems super weak as well, yet that seems even more ubiquitous than sms

@Kalanthropos @BackwardsFeet email is better I would think actually. the basic problem with SMS 2FA is that it’s relatively easy to hijack someone’s number and then receive their 2F codes. National Institute of Science and Technology advised against it for this reason.

@Kalanthropos @BackwardsFeet the tech companies have come up with a technology called “passkeys” that is designed to eliminate the need for both two factor and passwords — the way it works behind the scenes is pretty advanced but the experience is dead simple, you just do a face/touch ID or enter your computer/phone’s password and voila. but nobody feels like implementing it so far.

@UhActually @Kalanthropos all of this 2fa talk is going to make me actually finally sit down and make sure I have the backup codes for all of my accounts somewhere. I have the main accounts' codes scattered in various places but I should make sure I have everything and in a place I know where they are.