9 comments

[ 3.1 ms ] story [ 97.3 ms ] thread
Outage started at 13:00 UTC based on our logs. Can't send SMS.
Can't even login as 2FA is also down.
Don't use SMS as 2FA, it's insecure. TOTP is a much better solution.
Tell that to Twilio :(

For Twilio accounts, there is an option to add a TOTP secret, and use it when logging in. But, they don't support disabling the default SMS method, and using TOTP exclusively. When you authenticate using TOTP, you still have a fallback option to receive a SMS code.

So, in the case of Twilio, the TOTP feature only improves convenience, not security. At least that was the case when I looked a couple months back. I opened a support ticket about this, and they acknowledged the problem, and that was it.

Exactly this. I'd love to not have my mobile not associated with my account.
Yeah according to our logs, our messages started failing to send at Feb 26 13:01:24 UTC.
Can confirm that's about right.

One thing that I find interesting about that, is that's -just- after the TCPA window opens in the EST time zone. The other reason that raises my brow is this status update...

> Twilio services are now operating normally, however processing of Programmable Messaging queues was delayed during the incident.

Emphasis mine.