I’ve not covered much in the way of the Twitter drama. Frankly, I think it’s all a mess, but it’s also irrelevant to this audience.
That said, there is a story worth knowing about. Twitter has started notifying users who do not subscribe to the new paid Twitter Blue service that it will stop sending them texts with login codes after March 20. The company will allow those non-subscribers to set up multifactor authentication using apps like Google Authenticator or Microsoft Authenticator.
They also released some data. From the latest numbers available, 2.6% of Twitter users have MFA enabled. Among those, nearly 75% use text-based MFA.
Why do we care?
I’ve been watching the pushback in the security community against charging for security. While I may not be a fan of what’s happening at Twitter, I will note that this … is not that. There is a version of multifactor authentication that is available to all.
And, as anyone in security will remind you, text messages for login codes are not very secure anyway. Track companies that impose the security tax, particularly for single sign-on applications. For now, Twitter is not on that list.
