Profile picture
Romain Pellerin @rom1_pellerin
, 11 tweets, 8 min read Read on Twitter
@brian_armstrong Cool! Could you also improve the security of your iOS app? In fact, imagine you are on the way, only have your iPhone with you and you recently change your phone number and forgot to change it in your Coinbase account.
@brian_armstrong Imagine someone takes your old number and tries to hack your Facebook account. You will be alerted by a reset password kind of email. Freaking out you will remember that you didn’t change the phone number in your @coinbase account! 😱
@brian_armstrong @coinbase So you will open your Coinbase app protected by your pin code for rapid access, in order to remove your old number and add new one 🤙 So you click on remove and... your app tells you « we sent a confirmation code to your (old) phone number » 💪👀
@brian_armstrong @coinbase Now the hacker knows that you have a @coinbase account and that he has your phone number! 🙏😭
@brian_armstrong @coinbase Hopefully, you are clever and set a 2-step verification via #GoogleAuthenticator, so the hacker should not be able to access your account. lf not, you are💥
@brian_armstrong @coinbase So you rush to add your new phone number and ... the app asks for your 2-step verification code to add it, but displays a very awkward popup that you cannot bypass, that asks to replay the request with a particular header... which you cannot do within your iOS app 🙃
@brian_armstrong @coinbase Then you really freak out because you cannot change anything and the hacker had all this time to start an attack on your beloved @coinbase account... 💅
@brian_armstrong @coinbase So you call @coinbase support and they tell you that there’s no way or procedure in place to change the mobile phone over the phone. You have the choice to: 1) proceed to an ID verification by email which takes a while 2) lock your account but for maybe several months 🙋‍♂️
@brian_armstrong @coinbase So genuinely, you ask the support to report the issue to the @coinbase tech team asap, and they answer you that’s not possible and you should do the ID verification procedure. Well unfortunately the snake eats his own tail at this point. 🐍
@brian_armstrong @coinbase Then finally, half an hour later, you try to change the phone number on your laptop through the @coinbase website and there the 2-step verification process actually displays the form to enter the one time code. 🙌
@brian_armstrong @coinbase Hopefully, your funds are safe 🙈😅 but you dealt with an horrible user and customer experience 🤬😡🤯🤮
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Romain Pellerin
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Related hashtags

#GoogleAuthenticator

Related threads

Profile picture
Recently i saw the whole “Steve Jobs was a useless asshole who knew nothing and stole all his ideas” thing pop up. This one was diff. from the usual, as they threw in Jony Ive instead of just Woz.

Normally, I ignore that. Because Jobs has become, in death, a perfect touchstone.
People who never met or worked with the man *know* him. He is used to represent whatever aspect of tech you dislike.

All of the representations are slices of who the man was. He was, like every one of us, fucked up, wonderful, a raging tool, a good person all at the same time.
But, because of his fame, he’s this convenient wrapper that we can place on whatever thing we like or dislike about tech.

I do respect the person saying this, so I broke my internal rule and engaged on this. Which was a dumb idea.

It went about how I should have expected.
Read 39 tweets
Profile picture
This is the best thing on Twitter this morning. I see too many security products trying to *replace* human-to-human interaction - there’s a good chunk of security and privacy that’s about *people*.

Let’s make more products which help people STOP, collaborate, and listen 😝
Forgetting about the “people” part of security is why we’ve heard “GRC is dead” for the last 10 years. We’re on “GRC 4.0” now and it *still* sucks.

GRC tools like Archer are designed for Process and Technology but forget about the poor People who have to use that dumpster fire.
We still have new vendors trying to design single-pane-of-glass “CISO dashboards”, meanwhile *very* few security companies are truly focused on people (not just security people) inside of organizations.

@duosec is one of the few companies who has focused on people. @habitu8 too
Read 10 tweets
Profile picture
So I've seen the #WhereAreTheChildren hashtag and read some articles. I think there's a misunderstanding of what it means, exactly. How are the children "missing"? 1/n
When I first heard the headline, it sounds shocking. "ICE loses 1500 immigrant children!" I know that I got enraged just hearing that. But you dig a little deeper and find out what is actually being reported.
So before going any further, I guess I should say that I work for one of the shelters that temporarily houses unaccompanied minors. After they are detained and processed, ICE transfers those children to our care.
Read 16 tweets
Profile picture
Big Tech & Antitrust, featuring @makandelrahim, @Sally_Hubbard, @tylercowen, @zingales, and moderated by @davidfaber. #BigTech
: I'm reminded of US v Microsoft. Tech platforms controlling arena in which the game is played and also playing the game. Result: Playing field for competition that is quite distorted = Platform privilege. #BigTech
Question is whether they do have marketpower on the advertising side? Yes. Two providers control more than 80 percent of the market.... #BigTech
Read 25 tweets
Profile picture
1/ Can someone have a white power tattoo and not be a white supremacist? A thread about Gavin McInnes, co-founder of Vice Media.
2/ I wrote a guide to Gavin at his best and worst. Written for journalists and people considering being guests of his show. The article is an exhaustive, 1 hour #longreads notvice.com/gavin-white-su…

The article is chronological but I’ll take some freedoms in this thread.
3/ Gavin is the only person I know who has defended the Rodney King beatings.

Guest: It’s not true that they needed to beat the shit out of him-
Gavin: Yeah, it is.

Read 25 tweets
Profile picture
#Fact 1 - The Wage Gap is real. People who says it's not haven't read the data.

However, in places like the USA, the wage gap is *not* mostly due to sexism like many #femnist #WomenInScience are claiming it is today. Disparate outcomes doesn't imply disparate treatment.
Women typically choose fields that are lower paying; even in the #STEM fields. To attribute that to sexism only or even mostly is a very dishonest way of deriving an answer for this complex disparity.

Sources:

cew.georgetown.edu/wp-content/upl…

npr.org/sections/money…
When the US Department of Labor Statistics took into consideration personal choices, non-wage benefits, hours worked, experience, education, and other variables that contributes to the wage gap the percentage of earnings decreases to approximately 3%.

shrm.org/hr-today/publi…
Read 12 tweets

Trending hashtags

#ChildSexTrafficking #Rothschild #Feminist #Lulz #Winning #Trump #Angels #Fact #EgyptStation #STEM #AccidentsWillHappen #SaveOurChildren #NWO #ThesePeopleAreSick #Propaganda #Memo #LookNow #Ozark #ElvisCostello #FLY #GoodbyeDemocrats #yourewelcome #feminism #infosec #FundTheWall

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($3.00/month or $30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!