Elon Musk’s tenure as head of Twitter has been something of a rollercoaster ride from day one.
Internally there have been mass staff-sackings, crazy diktats like the memo telling remaining staff they had to be ‘extremely hardcore’ around their working hours – resulting in one executive taking a sleeping bag to the office to sleep there after an 18-hour day (only to get fired anyway).
And externally there have been policy lurches too: starting to charge VIP users for their famous blue ticks – before opening up the status to anyone willing to pay, adding and then removing features in days, splitting content into ‘for you’ or ‘following’ categories to fundamentally change the way that feeds work.
Whether there’s a strange genius at work that will be ultimately vindicated, or Musk is destroying the essence of the product he bought for $44 billion and rendering it valueless, remains to be seen.
But perhaps the most apparently bizarre move of them all came just recently to much less fanfare than many of these others. That was probably because it was a technical one rather than related to content or status, categories users tend to be more concerned about. But it tells an interesting tale that I think is worth exploring.
The platform announced in February that users who wanted to continue to use Twitter’s SMS two-factor authentication (2FA) method would be forced to pay for the service from March – because from March it would only be available to those blue tick accounts, which of course now cost $8 per month to retain.
Twitter warned those not prepared to pay for this upgrade that it would turn off 2FA for their accounts completely.
Well because 2FA is now becoming an increasingly discredited and outdated security function anyway – so it’s far from a premium service.
You have, in Elon Musk, a man with cutting edge tech apparently built into his DNA: he co-founded PayPal which transformed financial transactions across the nascent internet ecosystem, he aspires to transform transport globally via his Tesla brand and aspires to transform travel beyond globally – to infinity and beyond, as it were – with his SpaceX project.
But here was Musk talking about a security system that’s been nudging towards being outdated since at least 2016 when it was first flagged by the US Department of Commerce’s National Institute of Standards and Technology as not fully secure. And seven years ago is aeons in the fast moving tech world where everything happens more and more quickly.
I suspect this policy announcement wasn’t quite the clunky move it first appeared. And that the real news was buried lower down in the explanatory notes from Twitter.
“We encourage non-Twitter Blue subscribers to consider using an authentication app or security key method instead,” this read. “These methods require you to have physical possession of the authentication method and are a great way to ensure your account is secure.”
In other words, Twitter was getting rid of 2FA because it was becoming obsolete – and it was doing its own housekeeping by forcing users to get with the programme by using more up-to-date security protocols.
And the $8-a-month to keep 2FA was probably a Musk side-hussle attempt to try to use the switch to leverage those who were so attached to it that they’d be prepared to pay to keep it into taking up his blue tick subscription. In other words, monetise it if you can – as he seems to be intent on doing across the platform.
But, otherwise, the move is a red herring, and the real story is that 2FA is being phased out across the world.
The reason is that it’s become too easy in some scenarios to bypass the security it’s meant to provide. Fraudsters – or ‘bad actors’ as they’re known in Musk speak – are able, for example, to outflank 2FA in scams like ‘Sim Swap’. This is when mobile phone providers are tricked into providing a replacement Sim for a supposed lost handset or similar without the real owner of the relevant phone knowing anything about it – so that when the replacement sim is fitted into another handset the fraudster who has that in their possession can take over his victim’s online identity. And any 2FA messages can be intercepted and used to aid rather than prevent this fraud.
But if you are still using 2FA in most contexts you don’t need to panic. It’s not inherently dangerous by any stretch – in fact it’s entirely robust in the vast majority of situations. But its weak areas mean it is broadly beginning to be retired in favour of systems that are robust across the board.
The newest systems restore the idea of ensuring the device and the user are one and the same entity. This eliminates the areas where 2FA is prone to being bypassed.
Our version of the most up-to-date protection systems is TMT Authenticate. It provides a seamless check – so seamless the user isn’t even aware it’s happening – with no verification codes or other hassles and no weak spots. And it’s more secure than anything that’s yet been devised.
It works by using up-to-the-minute data on users and the integrity of their mobile phone accounts from the telcos themselves so it’s a near-perfect insight.
We’re encouraging our clients to move towards offering this function. It’s proving extremely popular. And you don’t even need a Twitter account let alone a blue tick to subscribe.
Last updated on September 18, 2024
"Phone number verification plays a critical role in helping to detect and prevent online fraud. TMT ID’s TeleShield product provides easy access to global mobile data, enabling us to enhance the actionable results of our MaxMind minFraud® services."
"BTS (Business Telecommunications Services) is successfully using TMT’s Velocity and Live services to check the status of mobile numbers. This way we make sure we optimize the performance of the service offered to our customers and ensure the quality of terminating traffic to all countries.”
"Working with TMT’s TeleShield service has expanded our ability to detect fraud and minimise the risk to our business. TeleShield brings peace of mind and the opportunity to stop fraud before it affects our customers’ bottom line or the service."
"LATRO relies on TMT’s TeleShield to provide the most up to date and reliable numbering qualification information within our fraud reporting tools, enabling us to protect our customer’s revenues and empowering them to defend themselves against fraudulent numbers."
"TMT is a valued partner that enables us to manage our routing costs effectively. They proactively and continuously expand their operator and country coverage while delivering exceptional customer service. We can always count on them to achieve high-quality results and look forward to our continued collaboration."
"TMT provides us with the most comprehensive numbering intelligence data through their fast and reliable Velocity and Live services. TMT is a trusted partner for us, their products ensure that we continue to optimise the best performance and service to our customers."
"TeleShield from TMT gives 42com the power to detect and target telephony fraud scams internationally, thereby protecting our company from the financial and customer experience impacts of telecommunications fraud."
"It has been a pleasure to work with the team at TMT. They have become an essential provider of accurate numbering data information and Number Portability services globally."
"Deutsche Telekom Global Carrier uses TMT ID as one of their key suppliers for Mobile Number Portability Data services. Deutsche Telekom Global Carrier uses TMT ID’s Velocity MNP solution. This is an ultra-fast query service that optimises the routing of international voice calls and A2P messaging."
We provide the most comprehensive device, network and mobile numbering data available
Contact us > Chat to an expert >
