You Don’t Need to Buy Anything Just Because Twitter Wants You to Pay for TFA Texts

Elon Musk has done some weird things, but this is the weirdest so far

SECURITY

Screen shot by author of Twitter TFA settings

I certainly wouldn’t presume to know what’s happening inside Elon Musk’s head, but from the outside looking in, it looks like he’s either trying to kill Twitter or somehow turn it profitable.

Or he’s just bonkers.

Let’s go with the profit motive. What he first did there was to institute a charge for “Twitter Blue”. Currently (late February 2023) the cost is $11 monthly or $114.99 yearly.

There are advantages to Twitter Blue. As of this writing, those advantages include 4,000-character Tweets, a 30-minute editing window, NFT profile pictures, a ranking boost, 1080p video uploads, and more features promised.

In spite of all that swag, it appears that not a lot of people have bothered to take Twitter up on it and some number of those who did were up to no good.

Perhaps because of the disappointing response, Elon has now warned that text TFA (two factor authentication by SMS) will not be allowed unless you have Twitter Blue.

This is almost bat guano weird.

I say almost because it will save Twitter money. Although most of us can send SMS texts for free, Twitter and other high volume texters pay for that service.


But still weird. If you read the link pointing to their announcement, you may have noticed this sentence in the second paragraph:

While historically a popular form of 2FA, unfortunately we have seen phone-number based 2FA be used — and abused — by bad actors.

That’s not scaremongering, it’s truthful AF. Phone number based TFA can be abused. It’s unfortunately common, but at this point in technology time, there are better options and it should be abandoned now and forever.

So why let Twitter Blue folk still use this? And even more weirdly, that announcement also promotes security in its first sentence.

We continue to be committed to keeping people safe and secure on Twitter

Umm, so why not dump text TFA for everyone? And even more damning, why do they still allow password only login?

I suspect that the answer is simple: that might cost them millions of users who are either too technically naive to enable any form of TFA, too lazy, or are using ancient access methods that simply can’t do any modern TFA.

But the rest of us do not need to sign up for Twitter Blue or revert to using only password authentication.

As this article explains, you have simple options:

It is simple to set up, and it doesn’t require any more effort or time for login.

Do NOT forget to disable the SMS TFA option. Twitter will be disabling it anyway, but why leave anything possibly dangerous open?

And you should be looking at other sites that still use text TFA to see if you can switch to something better. Unfortunately, even sites like my own bank, where you’d expect the highest security, still only offer text TFA!

But for sites that do offer something better, switch to it and disable text TFA. Further, unless the site actually needs your phone number, remove it from your account. That applies to Twitter too!

Delete Your Phone Number From Twitter Before They Sell It

According to a new report on Platformer, after alienating advertisers and losing revenue, Twitter plans to sell…


Unfortunately, some sites insist upon text TFA as a backup method. That defeats the security of using an authenticator!


One more thing: if the site offers Passkeys as an option, definitely take them up on it. Too few sites have implemented this, but they will.

So, pour one out for text TFA, but shed no tears. Don’t cause yourself anxiety, don’t rush to change every site at once, but when you notice a site using text TFA, check to see if you can change it then. If you can, do so; it takes mere seconds.
