Twitter and Meta are debuting new pay-for-security models. With the former, Twitter has announced that, as of March 20, 2023, only Twitter Blue paid users will be able to use mobile two-factor authentication after entering passwords.
It has concerned some commentators that if users do not pay, the platform will remove their basic security features altogether.
With the second announcement, Meta has said it will begin testing Meta Verified, a paid program that offers enhanced impersonation protections, access to account support, and more. With attacks consistent across the platform, many believe this protection should be a given.
With cybercrime continuing to evolve, for Matt Moynahan, three-time security CEO and President of OneSpan, there are serious questions arising from the two models.
Instead, Moynahan sees the importance of continuous identity verification and authentication online, the correlation between security and the customer experience.
As Moynahan explains to Digital Journal: “Social media platforms, and really any cloud platform, need security-infused workflows native to their digital experiences that guarantee the integrity of the identity of their users, their interactions, and their personal information.”
Turning to the specifics, Moynahan says: “This past week, Twitter and Meta announced they are implementing new pay-for-security models which stand to break an already vulnerable system as cost-conscious end-users will now need to pay for a secure experience.”
As to this, Moynahan warns: “Something seems off.”
He explains what he means by this as: “In a world of deepfakes and fake news, we need solutions that make it easier for everyone to identify and confirm identities as part of the platform itself. Starting on March 20th, only Twitter Blue paid users can use mobile two-factor authentication, and Meta is actively testing a new paid program, offering enhanced impersonation protections, access to account support, and more.”
Outlining his reservations further, Moynahan cautions: “When there’s a trust war rampant on the internet, social media platforms, and frankly, across all businesses, pay-for-security is the wrong move. Security is a critical part of digital interactions and it should not disrupt the user experience or the end-user’s wallet.”
Moynahan extends his criticism: “You shouldn’t have to sacrifice one for another. Robust security measures should be seamlessly interwoven throughout these platforms as a standard feature for all, as companies should strive to make it easier to build trust in the digital realm, not harder.”
This becomes ever more important for the future. Moynahan notes: “As we transition to Web3, identity verification, and authentication will continue to be two things companies need to get right to survive against threats. The time has come for these corporations to put monetary gain aside and keep user safety and customer experience at the forefront.”