Stop using Twitter to log in to other sites

With all of Twitter’s technical problems, I missed a major disaster: many people still use Twitter to identify themselves on other websites. Wow. You should stop this, now.

Why? Because part of Twitter’s login system is already broken. Twitter’s two-factor authentication (2FA) system began to fail on Monday, November 14. It followed Twitter CEO Elon Musk’s move to disable “microservices” bloat on Twitter.

Elon Musk may be good at launching rockets, but that doesn’t mean he’s accurate at identifying microservices bloatware. One or more of these services were essential for SMS two-factor authentication (2FA), which is the most commonly used form of two-factor authentication. The result of this removal is that if you have set up two-factor authentication to protect your account from hackers and you fumble your password, you can no longer use 2FA to change your password or log in again.

So much for Twitter

Ian Coldwater, co-president of Kubernetes Security and Twilio architect with expertise in security and microservices, tweeted: “The microservice that provides 2FA codes via SMS is broken. Reports also indicate that backup codes have been compromised. If you have a 2FA code via SMS, do not log out.”

Coldwater recommends staying logged in and changing your 2FA method from text to email or an authenticator app or physical security key (like a YubiKey).

So much for Twitter. But what’s worse is that if you use Twitter for single sign-on (SSO) on other sites, you might get locked out of those sites as well. As Ian Coldwater explains, “If you have any apps or sites you log into that connect to your Twitter account via OAuth, I HIGHLY recommend changing them now, while you still can.”

To change your Twitter 2FA method, go to Settings > Support > Settings > Privacy > Security & Account Access > Security > Two-Factor Authentication.

If you selected SMS as your two-factor authentication method, switch to an authenticator app or a security key. Just follow the instructions and you’ll be fine… for now.

Another thing to remember: sites often offer SSO as an easy way to sign in without having to create another password. You use your Google, Microsoft, Facebook, Apple or Twitter login and password instead.

This is fine if you trust the site that handles the login to remain stable and protect your data. But in the current situation, Twitter is not reliable in this sense.

You should immediately go to the sites you log in to with Twitter and replace it with something else. To find out which sites you use Twitter as SSO for, go to the Twitter app or website and check Settings > Support > Settings > Privacy > Security & Account Access > Apps & Sessions.

Once there, check the “Connected apps” section for apps that have read-write access to Twitter, or vice versa. Next, check your account login history for sites that have recently used Twitter to log in.

Go to the sites and services you find with this information and switch to a different, more stable username and password. The way things are going, it’s only a matter of time before Twitter has another technical problem, and you don’t want to be locked out of other sites if Twitter goes down.

