Hardware 2.0

Adrian Kingsley-Hughes

Twitter - When *just* changing your password might not be good enough

By Adrian Kingsley-Hughes | October 28, 2011, 4:18am PDT

Summary: Check what applications have access to your Twitter account.

Normally the advice given to people who suspect that their password has been compromised is to change the password. Simple enough, right? By doing that the bad guys no longer have access to your account. But a conversation I had this morning on Twitter made it clear to me that people don’t understand that there are exceptions … and one such exception is Twitter itself.

Let me explain. I have a Twitter account (which I hope you all follow!). That account is password protected. I have several applications across a range of devices that connect to that account (plus a few external services that send me email notifications of new messages and tweets I might have missed). To authorize those apps to have access to my account I have to give them my password. They only need this once and then they’re authorized to access the account.

OK … on to the clever/dumb part. If I log into my Twitter account and change my password, I don’t have to reauthorize any of the apps that have been previously authorized. They just carry on working as normal.

Why is this both clever and dumb? Well, it’s clever because it allows me to be security conscious and change my password regularly and not have to input the new password into every app. That’s a massive time saver! But it’s dumb because if my Twitter account somehow gets compromised (say in order to spam my followers), then changing my password won’t fix the problem if the spammer’s been clever enough to authorize a few apps of their own before I change my password. They’ll continue being able to spam my followers no matter how many times I change my password.

Convenience almost always trades off against security.

So how do you kick the bad guys off your account?

Here’s how … navigate to the Twitter website and click on the drop-down box in the top-right of the screen and select Settings:

Now click on the Applications tab … from there you can see what applications have access to your account. Revoke Access from anything that you’re not familiar with:

Twitter should make it clearer to users who are changing their password that this action alone might not be enough to protect them after their account has been compromised, and point them towards the list of applications that have access to their account. Twitter could also improve the applications list by showing users the IP address or even the location from where the application was initially authorized.
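The behaviour described above (authorized apps surviving a password change) and the suggestion to show where each app was authorized, as a small Python model. This is an added example, not Twitter's code: the `Account` and `Grant` classes, their methods, the `revoke_grants` option, the integer timestamps and the IP addresses (documentation ranges) are all constructed for illustration.

```python
import secrets
from dataclasses import dataclass, field

@dataclass
class Grant:
    app: str
    token: str
    authorized_at: int   # constructed timestamp (plain integer)
    source_ip: str

@dataclass
class Account:
    password: str        # model only; a real service stores a password hash
    grants: dict = field(default_factory=dict)   # token -> Grant

    def authorize_app(self, password, app, now, source_ip):
        """Check the password once, then issue a long-lived token."""
        if password != self.password:
            raise PermissionError("bad password")
        grant = Grant(app, secrets.token_hex(16), now, source_ip)
        self.grants[grant.token] = grant
        return grant.token

    def token_valid(self, token):
        # Validity depends only on the grant list, never on the current password.
        return token in self.grants

    def change_password(self, new_password, revoke_grants=False):
        self.password = new_password
        if revoke_grants:            # hardened option: a reset drops all app access
            self.grants.clear()

    def revoke(self, app):
        self.grants = {t: g for t, g in self.grants.items() if g.app != app}

    def review_list(self, known_ips):
        """Apps authorized from an address the owner does not recognise."""
        return [g.app for g in self.grants.values() if g.source_ip not in known_ips]

def demo():
    acct = Account(password="old-password")
    mine = acct.authorize_app("old-password", "phone-client", 100, "198.51.100.7")
    rogue = acct.authorize_app("old-password", "unknown-app", 200, "203.0.113.50")
    acct.change_password("new-password")          # password change alone
    after_change = (acct.token_valid(mine), acct.token_valid(rogue))
    flagged = acct.review_list(known_ips={"198.51.100.7"})
    acct.revoke("unknown-app")                    # the Revoke Access step
    after_revoke = (acct.token_valid(mine), acct.token_valid(rogue))
    return after_change, flagged, after_revoke
```

`demo()` shows both tokens still valid after the password change, the unrecognised app flagged for review, and only the owner's own token valid once that app is revoked.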

Safe tweeting!


Disclosure

Adrian Kingsley-Hughes

All opinions expressed on Hardware 2.0 are those of Adrian Kingsley-Hughes. Every effort is made to ensure that the information posted is accurate. If you have any comments, queries or corrections, please contact Adrian via the email link here. Any possible conflicts of interest will be posted below. [Updated: February 23, 2010] - Adrian Kingsley-Hughes has no business relationships, affiliations, investments, or other actual/potential conflicts of interest relating to the content posted so far on this blog.

Biography

Adrian Kingsley-Hughes

Adrian Kingsley-Hughes is an internationally published technology author who has devoted over a decade to helping users get the most from technology -- whether that be by learning to program, building a PC from a pile of parts, or helping them get the most from their new MP3 player or digital camera.

Adrian has authored/co-authored technical books on a variety of topics, ranging from programming to building and maintaining PCs. His most recent books include "Build the Ultimate Custom PC", "Beginning Programming" and "The PC Doctor's Fix It Yourself Guide". He has also written training manuals that have been used by a number of Fortune 500 companies.

Adrian also runs a popular blog under the name The PC Doctor, where he covers a range of computer-related topics -- from security to repairing and upgrading.

3
Comments


RE: Twitter - When *just* changing your password might not be good enough
Randalllind Updated - 21st Nov
For the past 3-4 weeks Twitter just at random changes my password. I don't know why but they're saying account looked hacked. I checked application and don't see anything strange. It is getting old.
Great suggestion, thanks a lot!!!
That's a great thing to be reminded about - thanks. I've revoked seven out of eleven applications.