Twitter’s Password Fails

Let’s say you want to hack Jack Dorsey‘s online banking account. Where to start? His username?

Challenging… his online banking username is a secret. But how about his Twitter account?

Oh, that’s easy. It’s @jack.

That’s the problem with “social” usernames — they’re meant to be known.

Twitter's Password Fails

Another problem, Twitter appears to validate e-mail addresses:

Twitter's Password Fails

Looks like nobody’s home at jackd@twitter.com:

Twitter's Password Fails

Twitter’s settings include an option to require “personal” infomation such as an e-mail or phone number:

Twitter's Password Fails

But that’s less than useless if Twitter won’t actually let you add your number:

Twitter's Password Fails

And just how “personal” is a phone number anyway?

Twitter's Password Fails

Two-factor authentication?

Sure.

But Twitter should first stop validating e-mail addresses.

And then maybe it could add an option to disallow logins via the publicly known username.

On 07/05/13 At 12:51 PM

Read more: Twitter’s Password Fails

Story added 7. May 2013, content source with full text you can find at link above.