A lot of people think that this is cost cutting. It isn't. What people are missing is that the Twitter Blue people who paid for Twitter are the people that Twitter doesn't want to stop paying. They would if this hit them, because _even though_ security professionals know that SMS-based two-factor authentication is a security problem, and even though getting rid of it has been widely propounded by Microsoft and others for almost half a decade now (Microsoft having doco going back to 2018), the userbase still sees it as "getting rid of security" and the loss of a perquisite.

Just witness the headlines and news coverage in the past 24 hours: "Twitter will now charge to secure your account", "security features that could put a large number of the site’s members at risk if disabled", and so forth. Amusingly, the best headline today is probably Charisma Madarang in Rolling Stone magazine: "Twitter to Allow Only Blue Subscribers to Use Worst Form of Authentication" (https://www.rollingstone.com/culture/culture-news/twitter-bl...)

M. Madarang even reminds us that Jack Dorsey fell victim to this very vulnerability in 2019.

Remove this authentication choice from Twitter Blue people, and they stop paying for Twitter Blue, because they too, like the headline writers, don't see this as finally taking away something that has made them as vulnerable as Jack Dorsey was for years.

So, ironically, in order to keep them paying, the Twitter Blue people get disadvantaged by Twitter. Security improvements are sacrificed in order to retain a revenue stream.