sign your npub with the PGP key, and post the clearsigned bundle (message+signature) here, otherwise there's no way to know it's really you. I could create a profile, copy your name, profile picture and post the fingerprint. without referring to Twitter, no one could tell which one of us is you :)
Discussion
you're absolutely right. This is a good practice, and really only effective over time, usage, and history of the pgp key. Extra important for new accounts to sign certain messages to help piece together a consistent history.
I posted a signed message here, with some cross references: