
> U2F requires the presence of SMS fallback. It cannot be disabled as of two days ago when I tried it last.

The original statement is:

> 1 point by chimeracoder 11 minutes ago | parent | edit | favorite | on: Hackers Hit Twitter CEO Jack Dorsey in a ‘SIM Swap...

> which in Jack's case should be ordering an immediate implementation of a non-SMS 2FA

Which, as I point out, is superfluous, because Twitter already has three other forms of non-SMS 2FA. Twitter does also support SMS-based password reset, which is a problem, but that's not actually how Jack Dorsey's account got hacked in the first place.

Aside from any improvements to Twitter's security practices that could be made, Jack Dorsey himself was not using the existing security features that Twitter already offers. Which is the real problem.




I am not Twitter's CEO. I'm Twitter's user. I cannot use that feature without opening my account to this attack. Therefore that feature for all intended purposes does not exist because it is unusable for the purpose of protecting the account.



