Twitter’s Password Fails
Let’s say you want to hack Jack Dorsey‘s online banking account. Where to start? His username?
Challenging… his online banking username is a secret. But how about his Twitter account?
Oh, that’s easy. It’s @jack.
That’s the problem with “social” usernames — they’re meant to be known.
Another problem, Twitter appears to validate e-mail addresses:
Looks like nobody’s home at firstname.lastname@example.org:
Twitter’s settings include an option to require “personal” infomation such as an e-mail or phone number:
But that’s less than useless if Twitter won’t actually let you add your number:
And just how “personal” is a phone number anyway?
But Twitter should first stop validating e-mail addresses.
And then maybe it could add an option to disallow logins via the publicly known username.
On 07/05/13 At 12:51 PM