by iLoch 4350 days ago
I really hate Twitter's TFA approach and have it disabled for security reasons. Primarily, if someone gets access to your cellphone network account (Sprint, AT&T, etc.) they can receive texts on your behalf. So if your Twitter password happens to be the same as your AT&T password, you're out of luck. I only use two-factor authentication if I can add it to my Authenticator app and save the code/QR code somewhere offline. Everything else is just too complex to be secure.
1 comment

> So if your Twitter password happens to be the same as your AT&T password, you're out of luck.

Why would you have both passwords be the same? That makes no sense. All passwords should be different.

> I only use two-factor authentication if I can add it to my Authenticator app and save the code/QR code somewhere offline. Everything else is just too complex to be secure.

TOTP-based two-factor auth (e.g. Google Authenticator) is my preferred method as well, though I'll still set up an alternative method if it's not available. For example, Namecheap offers 2FA via SMS. While not preferred, it's better than nothing.

> Why would you have both passwords be the same? That makes no sense. All passwords should be different.

I'd put good money on the percentage of AT&T customers who use the same password for all their web services being sizable enough to make that a valid concern.

> Why would you have both passwords be the same? That makes no sense.

Sure it does. With only one password you are less likely to forget how to log in to an account. It makes perfect sense.

> All passwords should be different.

And eat veggies with every meal. And properly hydrate throughout the day. And get 40 minutes of moderate cardio at least three times a week. And call your mother more. And floss daily.

You can't expect all the people to follow the "best" advice all the time.