Vitalik Buterin pfp
Vitalik Buterin
@vitalik.eth
Finally got back my T-mobile account (yes, it was a sim swap, meaning that someone socially-engineered T-mobile itself to take over my phone number).
27 replies
94 recasts
437 reactions

Vitalik Buterin pfp
Vitalik Buterin
@vitalik.eth
Main learning re twitter was: > A phone number is sufficient to password reset a Twitter account even if not used as 2FA. Can completely remove phone from Twitter. I had seen the "phone numbers are insecure, don't authenticate with them" advice before, but did not realize this
7 replies
12 recasts
76 reactions

Vitalik Buterin pfp
Vitalik Buterin
@vitalik.eth
I don't remember when I *added* the number; my guess is that it was required to sign up for twitter blue.
2 replies
2 recasts
41 reactions

Joe Blau 🎩 pfp
Joe Blau 🎩
@joeblau
Using a phone number with 2FA is so bad, I send an email to USAA every year telling them to remove phone number 2FA on their site. TOTP, FIDO, or Yubikey... anything but phone number.
1 reply
0 recast
3 reactions

jamesyoung.eth pfp
jamesyoung.eth
@jamesyoung
remove phone number : Settings -> Your account -> Account information -> Phone
0 reply
0 recast
2 reactions

jp  🦊🎩 pfp
jp 🦊🎩
@jpfraneto
How was it to realize what had happened? What else did you learn about how we should design the next onboarding to crypto for people that are hesitant / don’t trust at all?
0 reply
0 recast
0 reaction

🌢️ Zach Harris πŸ₯€ pfp
🌢️ Zach Harris πŸ₯€
@zachharris.eth
I think the best two-factor authentication is by using the authenticator app which uses 512-RSA grade rotating keys developed by EMC for highly secure government & enterprise environments (think NSA).
1 reply
0 recast
0 reaction

grant 🌈 🎩 🐸 pfp
grant 🌈 🎩 🐸
@grunt.eth
To clarify, u had no 2FA on twitter? Just a good password?
0 reply
0 recast
0 reaction

Kindnesss.eth 🌐 pfp
Kindnesss.eth 🌐
@kindness
Did you have non SMS 2FA enabled?
0 reply
0 recast
0 reaction