At a glance.
- Twitter disables SMS authentication for all but blue-checked users.
- Deutsche DDoS.
- Cyber risk as business risk: the Applied Materials incident.
- GoDaddy's compromise.
- Cyber wars and cyber irregulars.
- Is Bing channeling Tay?
Twitter disables SMS authentication for all but blue-checked users.
Twitter's decision last week to revoke SMS texts as a two-factor-authentication (2FA) modality for all but paying Twitter Blue subscribers has been poorly received. Twitter explained, "While historically a popular form of 2FA, unfortunately we have seen phone-number based 2FA be used - and abused - by bad actors. So starting today, we will no longer allow accounts to enroll in the text message/SMS method of 2FA unless they are Twitter Blue subscribers." The Verge points out that the move away from SMS 2FA may be a cost-control measure, since it costs (a little bit) of money to send an SMS. It's true enough that SMS text authentication is not the best 2FA method, but it's better than nothing, and it's likely, as experts point out to NPR and Wired, that people who've used it as their default will not replace it with anything. And besides, why should subscribers paying for their blue check be expected to be content with an inferior method of authentication? Or are they paying for convenience?