Not all 2FA are created equal pic.twitter.com/t7N5H1f9sG
TOTP isn't that bad tbh, I'd say it raises the cost of the attack
Raises the cost, but not by much. Take a look at the video demo I made. It doesn't really matter if you use TOTP or SMS 2FA - they all can fall to phishing. Still better to have 2FA than nothing. https://vimeo.com/281220095
TOTP isn't "trash" in my opinion, it's that it's misappropriated. Its goal was to mitigate credential reuse from password dumps. It does that sufficiently. However, it provides close to zero protection against "inline" site-in-the-middle type phishing.
Hence why U2F or certain PAKEs are a better recommendation as they can address both of those problems at the same time.
Indeed... I'll admit I just don't understand how anyone could maintain that password spraying, taking advantage of shared/stolen creds, creds gotten via NTLM grabbing & cracking, all the phishing attacks that still aren't 2FA aware, etc., are insignificant to take off the table.
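The difference the thread draws between TOTP and U2F, as an added example that is not part of any tweet: a TOTP code is computed from the secret and the clock only, while a U2F-style response also covers the origin the browser reports. The origin-bound half is a simplified model (an HMAC standing in for the per-site ECDSA signature real U2F uses), and all keys, challenges and hostnames are constructed values.

```python
import hashlib
import hmac
import struct

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1). Inputs: shared secret and time, nothing else."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def server_accepts_totp(secret: bytes, submitted: str, now: int) -> bool:
    # The server sees only the digits; where the user typed them is not part of the check.
    return hmac.compare_digest(totp(secret, now), submitted)

def _bound(device_key: bytes, challenge: bytes, origin: str) -> bytes:
    return hmac.new(device_key, challenge + b"|" + origin.encode(), hashlib.sha256).digest()

def origin_bound_response(device_key: bytes, challenge: bytes, browser_origin: str) -> bytes:
    # Simplified model of U2F: the browser, not the user, supplies the origin.
    return _bound(device_key, challenge, browser_origin)

def server_accepts_origin_bound(device_key, challenge, response, expected_origin) -> bool:
    return hmac.compare_digest(_bound(device_key, challenge, expected_origin), response)

def compare(now: int = 1_700_000_000) -> dict:
    """Return {origin the user had open: (totp_accepted, origin_bound_accepted)}."""
    secret = b"constructed-totp-secret"           # constructed sample values
    device_key = b"constructed-device-key"
    challenge = b"constructed-server-challenge"
    real = "https://login.example.com"
    lookalike = "https://login.example.net"       # constructed look-alike host
    results = {}
    for visited in (real, lookalike):
        code = totp(secret, now)                  # same digits whichever site is open
        resp = origin_bound_response(device_key, challenge, visited)
        results[visited] = (
            server_accepts_totp(secret, code, now),
            server_accepts_origin_bound(device_key, challenge, resp, real),
        )
    return results

if __name__ == "__main__":
    for origin, (totp_ok, bound_ok) in compare().items():
        print(f"{origin}: TOTP accepted={totp_ok}, origin-bound accepted={bound_ok}")
```

The TOTP check passes for both origins because the code carries no information about where it was entered; the origin-bound check passes only when the browser reported the real site.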