All you 2FA hard token zealots out there saying SMS is worthless because a nation state can pwn it - if a nation state wants your SMS token, they'll get it. They'll beat you up and steal it if you're that important. Stop discouraging orgs from implementing "good enough" security
-
-
And it's not only "those groups". Boring white dudes are also subject to random angry people, angry exes, etc.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
I can agree with that. That is a terrible process. I am dividing Auth from reset. Your reset should not use the same mechanisms if possible. However, if you have a solid reset process outside of SMS I feel SMS 2FA + pass is stronger than 1FA. I agree with your point about reset
-
Yes. I just think it's a mistake to be teaching and pushing users who don't understand the subtleties to be using "SMA 2FA" until this reset channel nonsense is abolished almost everywhere.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.