Friday, April 25, 2014

Did Twitter silently remove login verification using their Twitter app?

Updated information:

I tried to register for one-way tweeting by SMS by sending 6 messages (stop, stop, start, yes, username, password) to Twitter's UK number. It didn't work, so I repeated the process with the number listed in Finland. It worked.

Now I can tweet by SMS (Who would do that anyway???), but I can finally configure login verification using the iOS/Android app.

Error report, or at least sort of:
The option Security and privacy - "Send login verification requests to my phone" is available (using PC/Windows/Chrome at twitter.com), but I do not receive any verification code from Twitter.

My phone number is correctly listed under Mobile, including +47 country code for Norway and (Norway) listed. I have set a PIN to protect my account from SMS spoofed texts appearing to come from me.


_________________________________
Original text:

So @hmemcpy and @omervk had this little discussion on failure of configuring Twitter login verification, and I thought "dude, that's easy", and pointed to the option of using the "login verification" through Twitter's native app for iOS or Android, an option I've been using for quite some time:



[Screenshot from earlier configuration of my account at Twitter]

Twitter didn't have 2FA or any kind of login verification. High profile accounts got hacked. I was among the many asking for 2FA or similar to become available at Twitter.

Twitter launched SMS-based login verification on 22 May 2013, but with a restricted list of countries and telcos supported. People complained, I was one of them.

Twitter launched an improvement on August 6, 2013, where you no longer had to use SMS as part of the process, you could just use your native Twitter client for iOS or Android. Suddenly "everyone" could have login verification, and without the hassles and cost of SMS. This is what I've been using, since Twitter still has no support for Norway and the telcos here for SMS based login verification. They list them alright:


But the response is this:



So YES, I was really surprised when I checked my settings online at Twitter today, and saw this:

[Screenshot of my Twitter account settings, April 25, 2014]

WTF?!?

Did my friends finally manage to pwn my account, to see me suffer and humiliated in public? NO.

Twitter seems to have silently removed the use of their native app to do login verification without registering a phone.


At least for me, based in Norway, I'm back to trusting my password, as I did before August 2013. No login verification available for me, unless their "SMS to long code in another country" option works, with numbers available in the UK, Germany and Finland. Tried once with the UK number, no luck.

So out of curiosity and increased body temperature right now Twitter; 

Seriously, WTF?!?
