"Now, it’s official: You have to pay for the privilege of using Twitter’s worst form of authentication. In fact, if you don’t start paying for #TwitterBlue ($8 a month on Android; $11 a month on iOS) or switch your account to use a far more reliable authenticator app or physical security key, Twitter will simply turn off your 2FA after March 20th."
Official: #Twitter will now charge for #SMS #2Factor authentication | #TwitterChaos #birdsite | The Verge
https://www.theverge.com/2023/2/17/23605073/twitter-blue-charge-sms-2fa
@bryanmsmith use 2FA (yes I know everyone hates it) for everything you can, preferably with an authenticator app or a hardware token like YubiKey instead of saving all your passwords in a 3rd party database that WILL eventually be hacked. This goes double for the password manager in your browser. #DontShootTheMessenger #2Factor #StaySafeOutThere
#Google does not have 1-factor login at all anymore? I just tried to log in to a low-security account that I only use for media, on a new device. I know the email address and password, but: no, I am not allowed to log in to my account using only username and password, unless I have access to an already-logged-in device.
Fair enough, I don't like #password-based logins anyway... But I don't like that apparently an existing account was switched over to an invisible #2factor scheme without notice.
#Twitter’s SMS Two-Factor Authentication Is Melting Down https://www.wired.com/story/twitter-two-factor-sms-problems/ #2factor
Very interesting writeup about #TOTP based on RFC 6238, as also used by Google Authenticator!
https://www.unix-ninja.com/p/attacking_google_authenticator
TL;DR: Don't use TOTP in its weak default configuration.
If you are forced to (e.g. by using Google Authenticator[!]) be aware of the risk.
#Infosec #2factor #authentication
Speaking of #2factor authentication: Remember to check back on the services you use and verify a) that you use a strong password, b) what apps / services are connected and c) whether 2factor auth is activated.
Why does every bloody service need their own #2factor app? I mean yes it is nice that they have two factor. But it would be much nicer to offer some standard way in addition. Something like #TOTP or #FIDO/U2F? Something I can back up independently from my phone? #techyproblems