Exactly, which is why we need to make strong non-phishable MFA ... • Aaron Parecki

53°F

Rod Begbie https://twitter.com/rodbegbie • Jul 6
Yes. They’ve triggered a password reset email, and now want you to hand over the code so they can take over your account.

Exactly, which is why we need to make strong non-phishable MFA much more accessible and stop using SMS for this

Auckland • 56°F

Wed, Jul 6, 2022 5:57pm +12:00

1 reply
Have you written a response to this? Let me know the URL:
- Nelson Minar twitter.com/nelson
  
  I don't know if Twitter uses SMS for auth or not; mine is using a TOTP token. Twitter does have some protection against spurious password resets but I think it boils down to "do you know the email address for the account" which, well, of course anyone can guess that for me.
  
  Wed, Jul 6, 2022 1:20pm +00:00 (via brid.gy)

Posted in /replies using indigenous.abode.pub/ios