So, I'm going to ask for the billionth time: @twitter, for the love of god, stop forcing users to have SMS authentication turned on in order to have 2FA turned on. SMS-based 2FA is a security _hole_, not a security check:https://www.wired.com/story/reddit-hacked-thanks-to-woefully-insecure-two-factor-setup/ …
-
-
Why is it so insecure exactly? Just because it's easier to bruteforce break a 6-digit number than a full password?
-
Because text messages are insecure. They can be intercepted in a couple of supposedly rather trivial ways. This means someone else can try to log into your account, prompting the send of this message, and they will get the message too, not just you.
End of conversation
New conversation -
-
-
I have actually set up 2FA on my account just yesterday. You can disable the SMS factor (in my case I have a security key and an totp before I disabled the sms factor, not sure if twitter restricts if you only have one other factor).
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
So totally agree. I’ve been ranting about this myself. Listen up
@Twitter!Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
That doesn't seem to be true, am I missing something?pic.twitter.com/hO5yBDS9Ij
-
Can confirm, missed the news when Twitter added mobile app 2FA support and just added it, then removed SMS 2FA with no issues.pic.twitter.com/Llk17AfVRy
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.