Vitalik Buterin pfp
Vitalik Buterin
@vitalik.eth
Finally got back my T-mobile account (yes, it was a sim swap, meaning that someone socially-engineered T-mobile itself to take over my phone number).
54 replies
141 recasts
567 reactions
Vitalik Buterin pfp
Vitalik Buterin
@vitalik.eth
Main learning re twitter was: > A phone number is sufficient to password reset a Twitter account even if not used as 2FA. Can completely remove phone from Twitter. I had seen the "phone numbers are insecure, don't authenticate with them" advice before, but did not realize this
11 replies
15 recasts
104 reactions
Vitalik Buterin pfp
Vitalik Buterin
@vitalik.eth
I don't remember when I *added* the number; my guess is that it was required to sign up for twitter blue.
4 replies
3 recasts
60 reactions
Joe Blau pfp
Joe Blau
@joeblau
Using a phone number with 2FA is so bad, I send an email to USAA every year telling them to remove phone number 2FA on their site. TOTP, FIDO, or Yubikey... anything but phone number.
0 reply
0 recast
4 reactions
jamesyoung.eth pfp
jamesyoung.eth
@jamesyoung
remove phone number : Settings -> Your account -> Account information -> Phone
0 reply
0 recast
2 reactions
Jorge Pablo Franetovic ( jp ) pfp
Jorge Pablo Franetovic ( jp )
@jpfraneto
How was it to realize what had happened? What else did you learn about how we should design the next onboarding to crypto for people that are hesitant / don’t trust at all?
0 reply
0 recast
0 reaction
Steve pfp
Steve
@stevehere.eth
https://twitter.com/settings/account/login_verification 'Authentication app' or 'Security key' should be the only 2 options there. So far have had no troubles with using my 2fa app.
1 reply
0 recast
0 reaction
🌹 Zach Harris 🥀 pfp
🌹 Zach Harris 🥀
@zachharris
I think the best two-factor authentication is by using the authenticator app which uses 512-RSA grade rotating keys developed by EMC for highly secure government & enterprise environments (think NSA).
1 reply
0 recast
0 reaction
grant pfp
grant
@grunt.eth
To clarify, u had no 2FA on twitter? Just a good password?
0 reply
0 recast
0 reaction
Kindnesss.eth 10^11 🌐 🪙 pfp
Kindnesss.eth 10^11 🌐 🪙
@kindness
Did you have non SMS 2FA enabled?
0 reply
0 recast
0 reaction
Rouven pfp
Rouven
@rouven
@vitalik.eth besides removing phone number as backup, I would also recommend to 'lock' your account with T-mobile. It's more painful to switch eSims, but it gives you much better protection. I also suggest to add passcodes for messengers like Signal, Telegram and Whatsapp.
0 reply
0 recast
0 reaction
Gm_7_13_eth pfp
Gm_7_13_eth
@not3nough-eth
Everyday i learn more. Its like we need to take loss or something just so we are able to recognize the importance of anonymity. What would be the best way to have the 2FA? Or should we use more than 2 now🤔It's a challenge for me to provide informative information 4 others who are less willing to become decentralized
0 reply
0 recast
0 reaction
Ryan Lackey pfp
Ryan Lackey
@rdl
Does EF not have a CSO to handle this for you?
0 reply
0 recast
0 reaction