> It turns out that the 2FA with text messaging sent to a cell phone may be useless when hackers steal your SIM right out from under you.
The most annoying part about this is that Twitter demands your phone number. You can't use another method for 2FA, such as U2F or OTP. I assume it's not at all because they want to authorize you or keep your account safe, but rather because they want to be able to identify you. User's lose both privacy and security.
Just to clarify, you can use U2F to login, but you can’t only use U2F. Eventually you’ll be locked out of your account (after logging in) and forced to provide a valid number.
The most annoying part about this is that Twitter demands your phone number. You can't use another method for 2FA, such as U2F or OTP. I assume it's not at all because they want to authorize you or keep your account safe, but rather because they want to be able to identify you. User's lose both privacy and security.
Just to clarify, you can use U2F to login, but you can’t only use U2F. Eventually you’ll be locked out of your account (after logging in) and forced to provide a valid number.