Vitalik Buterin
@vitalik.eth
Finally got back my T-mobile account (yes, it was a sim swap, meaning that someone socially-engineered T-mobile itself to take over my phone number).
48 replies
186 recasts
590 reactions

Vitalik Buterin
@vitalik.eth
Main learning re twitter was: > A phone number is sufficient to password reset a Twitter account even if not used as 2FA. Can completely remove phone from Twitter. I had seen the "phone numbers are insecure, don't authenticate with them" advice before, but did not realize this
10 replies
11 recasts
95 reactions

๐Ÿ“ฟ zach harris ๐Ÿ™๐Ÿผ pfp
๐Ÿ“ฟ zach harris ๐Ÿ™๐Ÿผ
@zachharris.eth
I think the best two-factor authentication is by using the authenticator app which uses 512-RSA grade rotating keys developed by EMC for highly secure government & enterprise environments (think NSA).
1 reply
0 recast
0 reaction

RicMoo.eth
@ricmoo
The key thing in this case is that SMS wasn’t part of the 2FA. If you have a phone number in your *account info* (completely unrelated to 2FA), then an attacker can reset your password using that number. You have to delete the number from your account info. :s
1 reply
0 recast
1 reaction

๐Ÿ“ฟ zach harris ๐Ÿ™๐Ÿผ pfp
๐Ÿ“ฟ zach harris ๐Ÿ™๐Ÿผ
@zachharris.eth
That’s scary, so they social engineer the Sim, and then used access from the phone to do a manual reset? Sounds like the real anarchist cookbook shit.
0 reply
0 recast
0 reaction