Post-Musk Twitter, in a single screenshot

@bcantrill

Just imagine how many account credentials have been compromised but for the SMS 2FA that will be released to the wild on whatever that date in March if they don’t resolve this error. 😑

@chancerydaily The whole thing is just so unhinged. They are either going to have an avalanche of compromised accounts or (more likely?) they are going to simply disable those accounts who still have SMS-based 2FA. Absolute chaos, either way. Assuming that the problem to solve is fraudulent behavior, there are many ways to solve it that don't punish legitimate users in the process!
@bcantrill @chancerydaily
So they're going to disable all those accounts and reduce their numbers even more?

@TappinLisa @bcantrill

Just 2FA, I guess, which will leave them potentially open to compromise if they were previously part of a data leak.

@bcantrill @chancerydaily I'm guessing Elon was looking line by line at the expenses, realized sending texts cost a tiny amount, and decided to try to recoup the costs 🤣🤦‍♂️ At this point the bird site is such a shithole I'm glad I spend way more time here than there.
@bcantrill @chancerydaily That is precisely the reason why I deleted my account there, and I highly recommend that everybody do the same.
@bcantrill @chancerydaily There are two far better forms of 2FA still free on Twitter; the best thing to do is to switch to an authentication app or security keys, and remove the phone number from your account so that it can't be used for the password recovery workflow. SMS-based 2FA has been deprecated by NIST since 2017 and exploited by thousands of hacks, including many on Twitter, since then.
@lippard @bcantrill This is accurate for people who have smartphones, but there are millions of people who do not have access to a smartphone, much less a security key. SMS is their only option for 2FA unless I'm missing something.
@chancerydaily @lippard @bcantrill If they have a browser they can use TOTP, no phone or key needed. Bitwarden supports TOTP directly and I'm sure other password managers do too.
@kevin That's right, KeePass also supports TOTP.
@chancerydaily @bcantrill How are they accessing Twitter? You can run an auth app on a desktop, a laptop, a tablet, an iPod Touch...
@bcantrill I authentically could not give two fucks about Twitter. 🤷‍♂️