Indeed, this feature is not the most secure, but for someone who is not a popular and well-liked figure, maybe it would be enough of a security option… and Twitter is making people pay for it!?
Twitter has been criticized more than praised, but we can’t help it if the new owner, Elon Musk, is taking questionable steps. As of March 20, they are removing a convenient feature for two-factor authentication (abbreviated to 2FA): you can’t get a verification code by SMS if you’re not a Twitter Blue subscriber. The site added that 2FA is still not mandatory to log in to Twitter, but they encourage us to turn it on, and they are just limiting the options for non-subscribers.
Rachel Tobac, a cybersecurity awareness expert on Twitter, shared her views: “Coupling essential security features with the requirement to pay, esp for the most used option of SMS 2FA, is not the right move. Should higher-threat model folks use app-based MFA [multi-factor authentication]/keys? YES! Should we require all folks to PAY or lose out on the 2FA they already enrolled in? No! Is it the dream of every security professional that we get folks enrolled in strong MFA? Yes! Do we hope they use app-based MFA at a minimum or keys? We would love that!
“Is de-enrolling those who use SMS 2FA unless they pay the right way to educate and improve security? It’s not. If you have a low-threat model (you’re not in the public eye, harassed, etc.): move toward app-based MFA (Google Authenticator, Duo, Authy, Microsoft Auth, etc.). If you have a high threat model (public eye, harassed, etc.): move toward security key MFA,” Tobac wrote.
Tobac pointed out that only 2.6% of users use 2FA, and of those, 74.4% use SMS authentication methods. This is not the most secure model, as the SIM card can be stolen, for example, but if it had been announced that ALL users would be disconnected from 2FA, there would be no favoritism toward subscribers. Instead, Twitter has created a problem and offered a solution for money.
No comment!
Source: GameRant