by echohack 4694 days ago
Rule #1 of security: There is no such thing as perfect security.

Of course there are still problems with two factor authentication, but it's better than the alternative.

If you lose your phone with two factor auth the provider should give you several temporary keys that you can use, or a way to contact their support line and confirm your identity.

1 comments

Agree on rule #1.

> "or a way to contact their support line and confirm your identity"

That is one of the nice things about SMS 2-factor auth, the backup authentication method (lost phone) is on the wireless company instead of you. I suppose Twitter can handle the extra responsibility though. They have ways of verifying accounts, so now it is just a question of scaling that for support.

> That is one of the nice things about SMS 2-factor auth, the backup authentication method (lost phone) is on the wireless company instead of you.

This is one of the terrible things about SMS 2-factor auth! In exchange for having them be able to replace your phone (so your 2FA works again) you're giving them the ability to spoof you at any given time. From a company's perspective it might be better (don't have to deal with "I lost my ...") but it's a terrible trade-off for users.