Vitalik Buterin
@vitalik.eth
Finally got back my T-Mobile account (yes, it was a SIM swap, meaning that someone socially-engineered T-Mobile itself to take over my phone number).
50 replies
74 recasts
384 reactions

Vitalik Buterin
@vitalik.eth
Main learning re Twitter was:
> A phone number is sufficient to password reset a Twitter account even if not used as 2FA. Can completely remove phone from Twitter.

I had seen the "phone numbers are insecure, don't authenticate with them" advice before, but did not realize this.
11 replies
11 recasts
67 reactions

Vitalik Buterin
@vitalik.eth
I don't remember when I *added* the number; my guess is that it was required to sign up for Twitter Blue.
3 replies
3 recasts
37 reactions

Joe Blau 🎩
@joeblau
Using a phone number with 2FA is so bad, I send an email to USAA every year telling them to remove phone number 2FA on their site. TOTP, FIDO, or Yubikey... anything but phone number.
1 reply
0 recast
3 reactions

jamesyoung.eth
@jamesyoung
remove phone number : Settings -> Your account -> Account information -> Phone
0 reply
0 recast
1 reaction

Kindnesss.eth 🌐
@kindness
Did you have non-SMS 2FA enabled?
0 reply
0 recast
0 reaction

grant 🌈 🎩 🐸
@grunt.eth
To clarify, u had no 2FA on twitter? Just a good password?
0 reply
0 recast
0 reaction

💀 Zach Harris 💸
@zachharris.eth
I think the best two-factor authentication is by using the authenticator app which uses 512-RSA grade rotating keys developed by EMC for highly secure government & enterprise environments (think NSA).
1 reply
0 recast
0 reaction

jp 🦊🎩
@jpfraneto
How was it to realize what had happened? What else did you learn about how we should design the next onboarding to crypto for people that are hesitant / don’t trust at all?
0 reply
0 recast
0 reaction

Ryan Lackey
@rdl
Does EF not have a CSO to handle this for you?
0 reply
0 recast
0 reaction

Rouven
@rouven
@vitalik.eth besides removing phone number as backup, I would also recommend to 'lock' your account with T-mobile. It's more painful to switch eSims, but it gives you much better protection. I also suggest to add passcodes for messengers like Signal, Telegram and Whatsapp.
0 reply
0 recast
0 reaction

Steve
@stevehere.eth
https://twitter.com/settings/account/login_verification 'Authentication app' or 'Security key' should be the only 2 options there. So far have had no troubles with using my 2fa app.
1 reply
0 recast
0 reaction

Gm_7_13_eth
@not3nough-eth
Every day I learn more. It's like we need to take loss or something just so we are able to recognize the importance of anonymity. What would be the best way to have the 2FA? Or should we use more than 2 now 🤔 It's a challenge for me to provide informative information 4 others who are less willing to become decentralized
0 reply
0 recast
0 reaction

Grossbel
@investmentby
Nice
0 reply
0 recast
0 reaction

Salar
@salar1
πŸ‘
0 reply
0 recast
0 reaction