SMS-based two-factor authentication (2FA) — which sends a code via text messaging as a way to make sure your account is being accessed by you rather than an interloper — is better than nothing, but it isn’t that good. This was demonstrated recently when several members of our staff had password resets initiated on their Twitter accounts and then received messages trying to get them to text them a verification code. Messages like this one sent to senior news editor Richard Lawler:
Image: Richard Lawler
This is despite the fact that Twitter now offers SMS-based two-factor authentication only to its Twitter Blue members (costs begin at $8 a month). In fact, many of The Verge…
