The new American president’s Twitter account isn’t a means of communication as much as it is a tool for confusion, propaganda, and unceasing assault. But Donald Trump has shown his tweets can move the stock market, provoke foreign powers, and dominate news cycles, so the account’s potential to shake the world is unprecedented. And all that’s stopping an outsider from seizing control of @POTUS could be someone’s personal Gmail password.

If you forget your Twitter password, the company allows you to easily reset the code through a link sent to an email address you designate in your account settings. This same process makes it elementary to hijack that Twitter account if you have access to the email account in question: Just request a password reset, wait for the link to arrive, and lock your victim out of their own Twitter account. If two-factor authentication is enabled, it would impede but not necessarily stop a motivated or sophisticated attacker.

Trump’s account is an obviously juicy target for such an attack, representing what BuzzFeed’s Joe Bernstein described as “a national security disaster waiting to happen.” An unauthorized declaration of, say, imminent hostilities or economic sanctions coming from the president’s official account could destabilize the entire world.

According to hacker and Twitter user @WauchulaGhost, Trump’s account is set to email password reset requests to a personal Gmail account (it appears to be that of Dan Scavino, his social media chief), and it reveals the first two letters of the account (enough to surmise it’s probably Scavino’s). This signals to hackers that all they need to do to illicitly broadcast to the president’s 14 million online followers is get into said Gmail account, which may or may not be secured with some form of two-factor authentication. Even with such an extra layer of authentication, knowing the private email address of a senior White House employee would make them a target for spearphishing attacks like those that befell the DNC and John Podesta last summer.