
Twilio Forcing 2FA on Users - CanDoCondo
I just received an email from Twilio. The subject says it all:<p>&gt; [Action Required] You must enable Two-factor authentication on your Twilio accounts by October 12, 2020<p>I understand that they want their users to be safe, but how about letting the user decide how much security is needed for the phone numbers that are hosted at their platform? Yes, they may strongly suggest to enable 2FA, but please, let the user decide if such a burden makes sense to them.<p>To make it clear: I don&#x27;t want to manage 2FA codes for each and every service I am using.<p>Am I alone? Do people like being forced to enable 2FA?
======
mtmail
"Email service provider Sendgrid is grappling with an unusually large number
of customer accounts whose passwords have been cracked, sold to spammers, and
abused for sending phishing and email malware attacks. Sendgrid’s parent
company Twilio says it is working on a plan to require multi-factor
authentication for all of its customers, but that solution may not come fast
enough" [https://krebsonsecurity.com/2020/08/sendgrid-under-siege-
fro...](https://krebsonsecurity.com/2020/08/sendgrid-under-siege-from-hacked-
accounts/)

------
detaro
Your account being attacked is also a risk for them, so they can decide if
they want the burden of customers not willing to help protect them.

------
franzwong
Did they mention the consequence if you don't enable it?

------
speedgoose
I like to force people to enable 2FA.

------
Thin_icE
Why wouldn't you use 2FA? What is the burden to you? And why is it "forced"?
You use a company's service, you abide by their rules, period. There are
companies that force you to accept draconian terms, enforcing 2FA is good, not
bad.

------
sergiotapia
Hey.com also bugs you every frikin time about this. I don't want or need 2FA,
I use a nasty password with my password manager. I wished they didn't force us
to use this if we don't want to.

~~~
scott31
Wow you are using Hey.com, cool!

