by tallanvor
2153 days ago
Admin tools having the capability to change email and 2FA settings is a necessity, but Twitter clearly needs to greatly increase the security. I don't know what all Twitter uses, but I know that many companies have various methods of authentication depending on how much damage can be done:

- Logging on using a username/password and 2FA is enough for some activities.
- More sensitive operations have to be done on hardware that has a certificate installed and backed by something like Windows Hello.
- Even more sensitive operations require a JIT account and a certificate stored on a separate hardware key such as a YubiKey.
- Very sensitive work gets done on a secure device that is very locked down and can detect changes to the hardware that may suggest tampering.
- Some stuff simply isn't allowed to be done remotely, even with the above restrictions.

Obviously not every company needs such a complex setup, but for someone as high profile as Twitter, you'd expect more thought to be put into this.
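The tiers listed in the comment above, sketched as a step-up authorization check. This is an added example, not part of the original comment and not any company's actual tooling. The operation names, their tier assignments and the rule that each tier also requires every lower tier are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional

class Tier(IntEnum):
    BASIC = 1    # username/password plus 2FA
    MANAGED = 2  # certificate installed on company hardware
    JIT = 3      # just-in-time account plus certificate on a separate hardware key
    SECURE = 4   # locked-down device that detects hardware tampering
    ONSITE = 5   # never allowed remotely

@dataclass
class Session:
    password_ok: bool = False
    second_factor_ok: bool = False
    device_cert_ok: bool = False
    jit_expires_at: Optional[float] = None  # epoch seconds; None = no JIT grant
    hardware_key_cert_ok: bool = False
    secure_device_attested: bool = False
    remote: bool = True

# Hypothetical operation names and tier assignments, for illustration only.
REQUIRED_TIER = {
    "view_account": Tier.BASIC,
    "suspend_account": Tier.MANAGED,
    "change_email": Tier.JIT,
    "reset_2fa": Tier.JIT,
    "export_user_data": Tier.SECURE,
    "rotate_signing_key": Tier.ONSITE,
}

def authorize(operation: str, s: Session, now: float):
    """Return (allowed, missing). Assumes each tier also requires all lower tiers."""
    required = REQUIRED_TIER.get(operation)
    if required is None:
        return False, ["unknown operation"]  # fail closed on unmapped operations
    jit_live = s.jit_expires_at is not None and now < s.jit_expires_at
    checks = [
        (Tier.BASIC, "password and 2FA", s.password_ok and s.second_factor_ok),
        (Tier.MANAGED, "device certificate", s.device_cert_ok),
        (Tier.JIT, "unexpired JIT account", jit_live),
        (Tier.JIT, "hardware key certificate", s.hardware_key_cert_ok),
        (Tier.SECURE, "attested secure device", s.secure_device_attested),
        (Tier.ONSITE, "on-site session", not s.remote),
    ]
    missing = [name for tier, name, ok in checks if tier <= required and not ok]
    return not missing, missing
```

Returning the list of unmet requirements lets the tool prompt for the specific step-up and gives the audit log a reason for each denial.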