Well, this is scary.
I had [incorrectly] assumed to get a blue check, you had to have 2FA turned on.
Apparently, The president had neither a strong password or 2FA.
@0x56 so how many other accounts out there and systems have the same password?
Like his classified accounts and/or government accounts? Banking? Etc?
You just *know* he's the type to use the same password across multiple sites.
@Hobyrim - I'm going to guess his personal email account - although I'd guess his official govt. email is not open to the internet.
@0x56 probably not. But if you were say, a high level Russian or Chinese (or other hostile actor) do you try to see if you can get access?
What about his dormant and/or abandoned accounts that I'm sure some people have compiled over the years? Do you think they go back and try passwords like "You'reFired!" etc to get access to those?
I know we've said the man is a walking security risk, but JFC, he has the same care for infosec as my 80+ y/o grandma.
@0x56 I am kinda, but also not I'm assuming that lots of different members of his staff and/or family have access to that twitter account, and 2FA would really mess up having an account run by many, especially if someone is forgetful with passwords.
@Hobyrim - yeah, I'm really still surprised that 2FA wasn't enforced.