I’ve written up a blog post with my personal thoughts on Twitter restricting SMS 2FA to Twitter Blue subscribers.

My post explains what 2FA is, why SMS 2FA is actually awesome, why Twitter did this, how Twitter can restore some security benefits to its users, and why passkeys will ultimately be the solution for account authentication.

Some background on me: I’m a software engineer working in what I call “usable security”. I’m passionate about this field because advancements can tangibly improve people’s lives, making their computing experiences easier and accounts more secure at the same time. This post contains some of my personal thoughts. It does not represent anyone else or [...]