7 comments

[ 2.0 ms ] story [ 33.0 ms ] thread
It’s ridiculous that both password and email can be changed at once on any service
There is nothing the support can do until this post is popular enough :)

I find Twitter's security borderline awful. I'm genuinely curious how does a 14 year old platform still isn't able to implement token based 2FA and user can change the email and password without any confirmation whatsoever.

A generic HN title like this one won't gain much traction.
This post made it to the front page within minutes of being submitted, but was flagged shortly after.
This is happening while Twitter named a new head of security, doesn't look good.