Vitalik Buterin
@vitalik.eth
Finally got back my T-mobile account (yes, it was a sim swap, meaning that someone socially-engineered T-mobile itself to take over my phone number).
27 replies
94 recasts
440 reactions
Vitalik Buterin
@vitalik.eth
Main learning re twitter was: > A phone number is sufficient to password reset a Twitter account even if not used as 2FA. Can completely remove phone from Twitter. I had seen the "phone numbers are insecure, don't authenticate with them" advice before, but did not realize this
7 replies
12 recasts
77 reactions
Vitalik Buterin
@vitalik.eth
I don't remember when I *added* the number; my guess is that it was required to sign up for twitter blue.
2 replies
2 recasts
41 reactions
Joe Blau π©
@joeblau
Using a phone number with 2FA is so bad, I send an email to USAA every year telling them to remove phone number 2FA on their site. TOTP, FIDO, or Yubikey... anything but phone number.
0 reply
0 recast
3 reactions
jamesyoung.eth
@jamesyoung
remove phone number : Settings -> Your account -> Account information -> Phone
0 reply
0 recast
2 reactions
jp π¦π©
@jpfraneto
How was it to realize what had happened? What else did you learn about how we should design the next onboarding to crypto for people that are hesitant / donβt trust at all?
0 reply
0 recast
0 reaction
πΉ Zach Harris π₯
@zachharris.eth
I think the best two-factor authentication is by using the authenticator app which uses 512-RSA grade rotating keys developed by EMC for highly secure government & enterprise environments (think NSA).
1 reply
0 recast
0 reaction
grant π π© πΈ
@grunt.eth
To clarify, u had no 2FA on twitter? Just a good password?
0 reply
0 recast
0 reaction
Kindnesss.eth π
@kindness
Did you have non SMS 2FA enabled?
0 reply
0 recast
0 reaction
