> I'm not talking about any services that allow password reset through SMS alone - that's beyond idiotic, obviously.
Twitter allows this, it's been a security flaw for years they've never fixed, and it's possible even if you have non-sms 2FA enabled! If you have a phone number on your Twitter account you should definitely remove it.
Quite a few high profile very security conscious people (e.g. Vitalik Buterin) have had their accounts hacked because of this.
Twitter allows this, it's been a security flaw for years they've never fixed, and it's possible even if you have non-sms 2FA enabled! If you have a phone number on your Twitter account you should definitely remove it.
Quite a few high profile very security conscious people (e.g. Vitalik Buterin) have had their accounts hacked because of this.