After two weeks of the chaos on Twitter, users are joining and fleeing the site in droves. Silently, many monitor their accounts, check their security settings, and download their data. But some users are reporting problems when they try to generate two-factor authentication codes via SMS: Either the text doesn’t come or it’s delayed by hours.
Glitchy two-factor SMS means users can be locked out of their accounts and unable to manage them. They may also find themselves unable to change their settings or download their data using Twitter access to. This also provides an early warning that the problems within Twitter are increasing.
Not all users have a problem receiving SMS verification codes, and those who rely on a verification program or an authentication token to protect their Twitter account may not have reason to try the system. But users have been self-reporting on Twitter since the weekend, and WIRED confirmed that on some accounts, verified posts were delayed for hours or never arrived. The cuts come less than two weeks after Twitter laid off half of its workforce, about 3,700 people. Since then, engineers, operations professionals, IT staff, and security teams have been stretched thin trying to improve Twitter’s offerings and innovate on Elon Musk’s innovations.
Reports suggest that the company may have laid off many workers too quickly and has been trying to hire other workers. Meanwhile, Musk has publicly stated that he is directing employees to turn off certain parts of the platform. “At some point in today’s era we’re going to turn off the ‘microservices’ bloatware,” he said tweeted this morning. “Less than 20 percent is needed for Twitter to work!”
Twitter’s communications department, which it says no longer exists, did not return WIRED’s request for comment on problems with two-factor authentication SMS. Musk did not respond tweet asking for feedback.
“Temporarily suspending multi-factor authentication can have the effect of locking people out of their accounts. But the biggest concern is that it encourages users to simply disable multi-factor authentication, which makes them less secure,” said Kenneth White, director of the Open Crypto Audit Project and a long-time security engineer. . “It’s hard to say what caused the problem that so many people are reporting, but it could be the result of a major change in the advertised websites.”
Text SMS is not the most secure way to receive authentication signals, but many people rely on the system, and security researchers agree that it is better than nothing. As a result, even moderate or severe outages are difficult for users and can put them at risk.
Twitter’s SMS authentication code delivery system has had persistent problems over the years. In August 2020, for example, Twitter Support tweeted, “We are looking for account verification numbers that are not sent via SMS or phone. We apologize for the inconvenience, and will keep you updated as we continue our work to fix this issue. ” Three days later, the company he added, “We have a lot of work to do to improve the delivery of verification codes, but we are making progress. We apologize for the inconvenience this has caused and appreciate your patience as we continue to process this. We hope that we will soon fix it for those of you who are not receiving codes.”