Today I learned that Twitter allows changing your password without asking for the second factor. Anyone with access to a valid session can simply change the password and lock you out. Same with the account email, apparently.
