A while back, @elonmusk posted about changes to 2FA.

What is 2FA, why is it important and what do you have to do?

2FA stands for 2nd Factor Authentication. The 1st "factor" is what you know (e.g. password). The 2nd factor is "what you have" (usually).

What you have is usually some piece of hardware (e.g. a phone or a #Yubikey/#Token2).

However, it's really hard to determine that you actually have that hardware. So what you usually get is a PROXY to that hardware.

In the case of a phone, it could be the phone number.
So, what is used in normal 2FA is "SMS 2FA", which means the service sends you a code to your phone number.

So this is a proxy of a proxy of a proxy. The code that is sent is a "stand-in" for you owning the number and actually having the device.

But SMS 2FA is insecure securityboulevard.com/2021/12/why-us…
In fact, phone numbers are very poorly secured. This is why, if your phone number were (212) 867-5309, you'd get calls from (212) 867-xxxx that later turn out to be spam.

So what are the other options?

The hint is in the code that gets sent.
When you use SMS 2FA, a code is sent to you. This code changes every minute or so. Those are known as "One-Time-Passwords" (OTP). thalesgroup.com/en/markets/dig…

It's the same idea whether the code comes from a hardware key (#Yubikey/#Token2), is generated by your phone, or is generated by Twitter.
So why have 2FA?

Well, it's a small amount of login protection. When you're logging in for the first time (or if you've logged out of all sessions wikihow.com/Sign-Out-of-Yo… — just in case), you'll need the password and the OTP to login again (or change settings).
This means that if your password was stolen, guessed or leaked (@haveibeenpwned), another person trying to log in somewhere still needs your OTP code.

To check if your passwords have been leaked, go to: haveibeenpwned.com (Don't use the same password everywhere...)
Remember though, security is an onion (requires layers). If someone REALLY wanted your account and they had the skills, they will most likely outwit you. (And part of that fault lies in how tech companies deal with security.)

wired.com/2012/08/apple-…

But why make it easy?
So for anyone wanting to increase protection for their Twitter account, turning on 2FA is a good way.

trustedreviews.com/how-to/how-to-…

But there is a trade-off between "security" and "convenience". Or what I would call "single perspective security".
If you don't like the "onboard" OTP authenticator, there are 3rd party ones that you can use.

For example a simple one is the Google Authenticator (you can also copy/duplicate your OTP seeds to another phone).

🤖play.google.com/store/apps/det…
🍎apps.apple.com/us/app/google-…
Another advantage of using an OTP 2FA app like this is portability. As many people are escaping the Communist Domain of Chinada, they sometimes forget to change the phone numbers on their accounts...

Well, as long as you have the thing that generates the code, you're fine.
A single copy of the OTP generator is, in general, more secure (single perspective). But what happens if it gets lost or stops working? It's also another security concern (but a tradeoff). Access to your account after you lost your phone number may be difficult to get back.
Some phone OSes or Password Managers have the ability to "cloud sync" your passwords and keys. That's always an option. Making a duplicate OTP generator is also an option.
However, one problem many platforms/tools suffer from is lock in or death. If the platform dies or changes in a way that you no longer want to use it, getting it moved off that platform can be a hassle.

spideroak.support/hc/en-us/artic…
So if you're already considering the option of having your OTP seed synced in the cloud, then finding a platform-agnostic way to do it might be a good idea.

There are a few choices, but I'll only highlight one as an example.

KeePass (@KeePass) keepass.info
It stores the entire database (w/ history) encrypted. A master password unlocks it (just like most Password Managers).

"Database files are encrypted using the best and most secure encryption algorithms currently known (AES-256, ChaCha20 and Twofish)."
This means it should be secure enough to leave on unencrypted cloud platforms like gdrive, onecloud, dropbox, box, etc.

It's an open source implementation with a lot of clients to choose from. keepass.info/download.html (see KeePass ports)
There is a good chance that this platform remains supported for years to come.

One nice thing about KeePass is that it supports OTP entries. keepass.info/help/base/plac…

(However, to have a nice layout a plugin is required in the official client.)
A nice web client is KeeWeb (@kee_web).

keeweb.info (Looking for maintainer though)

It has OTP support built right in & can run on a browser (even w/o installing — just use the "Online Web App").

I copied my 2FA seed from Twitter right into it & it worked.
For Android, there are a few choices as well. I know play.google.com/store/apps/det… supports OTP entries out-of-the-box.
For iPhones there are a few choices as well. Like Strongbox. apps.apple.com/us/app/strongb…
If you don't like KeePass, you can always look for other ones like Buttercup. buttercup.pw

(Warning: Seems to be a "hot" platform w/ a lot of interest & support now, but you never know when it disappears a few years down the road ... (most common theme in tech))
