Stop using Twitter to connect to other websites

With all the technical problems that Twitter is having, I missed one major disaster: many people still use Twitter to identify themselves on other websites. Oops, you really need to stop doing that. now.

Why? Because part of Twitter’s login system is broken. Twitter’s two-factor authentication (2FA) system began to break on Monday, November 14. This happened after Twitter CEO Elon Musk announced that Twitter is ” disable “microservices” bloatware “.

Elon Musk may be good at launching rockets, but that doesn’t necessarily translate to accuracy in identifying microservice bloatware. One or more of these services are essential to SMS two-factor authentication (2FA). SMS two-factor authentication is the most commonly used form of two-factor authentication. The result of this removal is that if you set up two-factor authentication to protect your account from hackers, you will no longer be able to use it to change your password or log in again if you provide the middle finger on Your password.

So much for Twitter

Ian Coldwater, co-president of Kubernetes Security and Twilio architect, with expertise in security and microservices, tweeted: “The the microservice that provides the 2FA code via SMS is broken. Reports also indicate that backup codes are broken. If you have a 2FA code via SMS, do not log out. ยป

Coldwater recommends staying signed in and changing your 2FA method from text to email or an authenticator app or physical security key (like a YubiKey).

So much for Twitter. But what’s potentially worse is that if you use Twitter for single sign-on (SSO) on other sites, you might get blocked on those sites as well. As Ian Coldwater explains, “If you have any apps or sites that you log into that connect to your Twitter account via OAuth, I highly recommend that you change them now, while you still can.”

To change your Twitter 2FA, go to Settings > Support > Settings > Privacy > Security and Account Access > Security > Two-Factor Authentication.

If you chose SMS as your two-factor authentication method, switch to an authenticator app or security key. Just follow the instructions and you should be fine…for now.

Another thing to note: you often see SSO as an invitation to sites as an easy way to log in without creating another password. Instead, just use your Google, Microsoft, Facebook, Apple, or Twitter login name and password.

This is a good thing if you trust the main site to stay stable and protect your data. But in the current circumstances, Twitter cannot be trusted in that sense.

You should immediately go to the sites where you use Twitter to log in and replace it with something – anything – else. To find out which sites you’re using Twitter as SSO, go to the Twitter app or website and check Settings > Support > Settings > Privacy > Security and Account Access > Apps and Sessions.

Once there, check the “Connected apps” box for apps that have read-write permissions on Twitter or vice versa. Next, view account access history for sites that have used Twitter to log in recently.

With this information, go to the sites and services you find and use another, more stable username and password. As things stand, it’s only a matter of time before Twitter has another technical issue, and you don’t want to be locked out of other sites when โ€“ not if. โ€“ Twitter failed.

Source: ZDNet.com

Leave a Reply

Your email address will not be published. Required fields are marked *