Vitalik Buterin pfp
Vitalik Buterin
@vitalik.eth
Finally got back my T-mobile account (yes, it was a sim swap, meaning that someone socially-engineered T-mobile itself to take over my phone number).
48 replies
176 recasts
555 reactions
Vitalik Buterin pfp
Vitalik Buterin
@vitalik.eth
Main learning re twitter was: > A phone number is sufficient to password reset a Twitter account even if not used as 2FA. Can completely remove phone from Twitter. I had seen the "phone numbers are insecure, don't authenticate with them" advice before, but did not realize this
10 replies
16 recasts
86 reactions
Vitalik Buterin pfp
Vitalik Buterin
@vitalik.eth
I don't remember when I *added* the number; my guess is that it was required to sign up for twitter blue.
4 replies
2 recasts
49 reactions
Joe Blau ๐ŸŽฉ pfp
Joe Blau ๐ŸŽฉ
@joeblau
Using a phone number with 2FA is so bad, I send an email to USAA every year telling them to remove phone number 2FA on their site. TOTP, FIDO, or Yubikey... anything but phone number.
1 reply
0 recast
2 reactions
jamesyoung.eth pfp
jamesyoung.eth
@jamesyoung
remove phone number : Settings -> Your account -> Account information -> Phone
0 reply
0 recast
1 reaction
grunt.eth pfp
grunt.eth
@grunt
To clarify, u had no 2FA on twitter? Just a good password?
0 reply
0 recast
0 reaction
Ryan Lackey pfp
Ryan Lackey
@rdl
Does EF not have a CSO to handle this for you?
0 reply
0 recast
0 reaction
Gm_7_13_eth pfp
Gm_7_13_eth
@not3nough-eth
Everyday i learn more. Its like we need to take loss or something just so we are able to recognize the importance of anonymity. What would be the best way to have the 2FA? Or should we use more than 2 now๐Ÿค”It's a challenge for me to provide informative information 4 others who are less willing to become decentralized
0 reply
0 recast
0 reaction
Kindnesss.eth ๐ŸŒ pfp
Kindnesss.eth ๐ŸŒ
@kindness
Did you have non SMS 2FA enabled?
0 reply
0 recast
0 reaction
Zach Harris pfp
Zach Harris
@zachharris.eth
I think the best two-factor authentication is by using the authenticator app which uses 512-RSA grade rotating keys developed by EMC for highly secure government & enterprise environments (think NSA).
1 reply
0 recast
0 reaction
Steve pfp
Steve
@stevehere.eth
https://twitter.com/settings/account/login_verification 'Authentication app' or 'Security key' should be the only 2 options there. So far have had no troubles with using my 2fa app.
1 reply
0 recast
0 reaction
Rouven pfp
Rouven
@rouven
@vitalik.eth besides removing phone number as backup, I would also recommend to 'lock' your account with T-mobile. It's more painful to switch eSims, but it gives you much better protection. I also suggest to add passcodes for messengers like Signal, Telegram and Whatsapp.
0 reply
0 recast
0 reaction