This is a fantastic take on the #SMS #2FA stuff and Twitter’s recent decision that will hurt users. Must-read.

From: @rmondello
https://hachyderm.io/@rmondello/109888594955603915

Ricky Mondello (@rmondello@hachyderm.io)

I’ve written up a blog post with my personal thoughts on Twitter restricting SMS 2FA to Twitter Blue subscribers. My post explains what 2FA is, why SMS 2FA is actually awesome, why Twitter did this, how Twitter can restore some security benefits to its users, and why passkeys will ultimately be the solution for account authentication. https://rmondello.com/2023/02/18/twitter-sms-2fa/

@film_girl Couldn't agree more. @rmondello became an instant follow.

@film_girl @rmondello while I don’t love less security options I’m ok with Twitter saying “pay for text messages if you really want them”. If they didn’t have app based 2FA, which is arguably better (but by no means perfect) then I’d have a real issue with their approach. I don’t personally see this as a huge deal. It’s just a change, something different - in my personal opinion this is among the least controversial changes from Twitter - there’s plenty else they’re doing that’s worth getting wound up about.

@kepstein @film_girl This is a completely, really reasonable analysis if you’re considering how a really engaged and smart user like you handles this situation.

My post tries to consider the entire population of Twitter users and their security. A lot of the people affected won’t even hear about the change. Some will hear and not understand it.

@rmondello @film_girl if we’re taking the broad view like that, then really passkeys can’t go mainstream too soon. People want “easy”. We have to make being secure, easy. Passkeys will bring “easy” to security. Hopefully we’ll see passkeys ramp soon and quickly. I enjoyed your segment on the Platforms State of the Union. Realistically, how much of a lift is it for an average web developer to enable passkeys with password fallback on their sites?

@film_girl @rmondello I decided that will be my last day to access Twitter.

@film_girl @rmondello this reminds me of the great nutrition advice "the best diet is the one you like". Obviously there are tons of optimal ways to approach anything in life (security, health, etc) but if something is a pain in the ass, few will stick around. I love sms 2fa because I always have my phone on me, and it's saved my ass when phones have broken and I've lost the codes to app based authentication.

This is a great blog post and it's inspiring me to up my passkey game :)