Twitter just made me disable my SMS 2FA setting, reserving the feature for twitter blue users.
It's a weird decision on their part, they still allow me to use an MFA application or a hw key, just not SMS.
SMS 2fa is understood to be the least secure form of MFA so I am surprised Twitter only reserves it for their twitter blue users.
I guess it actually makes a lot of sense, this is because sending SMS costs money, sometimes quite a lot when you are doing it at scale, if the user is paying you at least recoup those expenses.
Whoever made this page, certainly isn't being completely honest. Twitter is only charging for SMS based 2FA... which is far less secure than the freely available options offered... if people want to pay for the SMS based and be less secure, that is their prerogative.
Yeah, to be honest this is a bit lame. The page links out to the original inspiration, https://sso.tax/, which is useful and highlights a very common, bad practice in pricing for business software.
If anything, they should be calling out the companies that only allow SMS based 2FA and don't offer any app based MFA solutions. (And there are still plenty of these companies)
Yeah, I find it the height of hypocrisy that Google talks about the dangers of SMS-based 2FA, but Firebase, the development PaaS owned by Google, only offers SMS 2FA for their auth product despite years of complaints.
11 comments
[ 2.0 ms ] story [ 37.1 ms ] threadIf that's true, and because it's the least secure MFA option, I don't see it being that difficult or controversial of a decision.
I also do enjoy that this is listed as an 800% increase, not really how 0->$8 works.