Vitalik Buterin pfp
Vitalik Buterin
@vitalik.eth
Finally got back my T-mobile account (yes, it was a sim swap, meaning that someone socially-engineered T-mobile itself to take over my phone number).
48 replies
186 recasts
590 reactions
Vitalik Buterin pfp
Vitalik Buterin
@vitalik.eth
Main learning re twitter was: > A phone number is sufficient to password reset a Twitter account even if not used as 2FA. Can completely remove phone from Twitter. I had seen the "phone numbers are insecure, don't authenticate with them" advice before, but did not realize this
10 replies
11 recasts
95 reactions
Vitalik Buterin pfp
Vitalik Buterin
@vitalik.eth
I don't remember when I *added* the number; my guess is that it was required to sign up for twitter blue.
4 replies
2 recasts
53 reactions
jamesyoung.eth pfp
jamesyoung.eth
@jamesyoung
remove phone number : Settings -> Your account -> Account information -> Phone
0 reply
0 recast
1 reaction
Joe Blau 🎩 pfp
Joe Blau 🎩
@joeblau
Using a phone number with 2FA is so bad, I send an email to USAA every year telling them to remove phone number 2FA on their site. TOTP, FIDO, or Yubikey... anything but phone number.
1 reply
0 recast
3 reactions
Ryan Lackey pfp
Ryan Lackey
@rdl
Does EF not have a CSO to handle this for you?
0 reply
0 recast
0 reaction
Gm_7_13_eth pfp
Gm_7_13_eth
@not3nough-eth
Everyday i learn more. Its like we need to take loss or something just so we are able to recognize the importance of anonymity. What would be the best way to have the 2FA? Or should we use more than 2 nowπŸ€”It's a challenge for me to provide informative information 4 others who are less willing to become decentralized
0 reply
0 recast
0 reaction
Rouven pfp
Rouven
@rouven
@vitalik.eth besides removing phone number as backup, I would also recommend to 'lock' your account with T-mobile. It's more painful to switch eSims, but it gives you much better protection. I also suggest to add passcodes for messengers like Signal, Telegram and Whatsapp.
0 reply
0 recast
0 reaction
Kindnesss.eth 🌐 pfp
Kindnesss.eth 🌐
@kindness
Did you have non SMS 2FA enabled?
0 reply
0 recast
0 reaction
grant 🌈 🎩 🐸 pfp
grant 🌈 🎩 🐸
@grunt.eth
To clarify, u had no 2FA on twitter? Just a good password?
0 reply
0 recast
0 reaction
πŸ“Ώ zach harris πŸ™πŸΌ pfp
πŸ“Ώ zach harris πŸ™πŸΌ
@zachharris.eth
I think the best two-factor authentication is by using the authenticator app which uses 512-RSA grade rotating keys developed by EMC for highly secure government & enterprise environments (think NSA).
1 reply
0 recast
0 reaction
Steve pfp
Steve
@stevehere.eth
https://twitter.com/settings/account/login_verification 'Authentication app' or 'Security key' should be the only 2 options there. So far have had no troubles with using my 2fa app.
1 reply
0 recast
0 reaction