We have witnessed an increased number of security breakdowns involving twitter where several people have even completely lost the access to their twitter accounts. While the reasons behind each case are open to speculation I’ll focus on issuing tips on how to prevent this from happening to you or at least reduce the chances of it happening.
Though it may sound doubtful at first, you are actually safer using a third party twitter client than the actual twitter.com website, provided the following conditions are met:
- The most obvious one, don’t let anyone else have access to your twitter password and the email account linking you to your twitter account. This is the most important thing you can actually do to protect yourself from identity fraud and impersonation.
- Make sure you know the third party twitter interface you will be using. Be wary of twitter clients that automatically make you follow their official accounts. That is probably not the only thing they have hidden up their sleeve. If in doubt, revoke.
- Make sure the browser you are using is not set to remember passwords, or if it asks to save your password don’t let it. This is most important if you use public computers or a device you don’t own.
- If on Google Chrome or any of its variants check under Wrench>Options>Personal Stuff>Show Saved Passwords then Remove All in case it has saved your password.
- For Firefox go to Options under the Security tab. If the Remember passwords for sites option is checked go to Saved Passwords and Remove All
- Alternatively in most browsers use Shift+Ctr+Del to bring up a dialog box that will enable you to clear passwords and any other data you want to get rid of.
- Now that is sorted out
- Go to the url of your favorite third party twitter client
- If it’s already authorized for your twitter account you may skip to the last step(4)
- If the client or app is not logged in, you will have to go through the twitter oauth process which authenticates and allows the application to access your twitter account in extension allowing you to tweet with it.
- Open another tab and go to twitter.com. Sign out then close the tab and continue tweeting via the third party client.
So why the extra effort of using a third party application, and ensuring you have logged out of twitter.com? Well, as of the time of writing this article twitter hasn’t implemented any safeguards on its websites that allow you to view the number of concurrent active sessions i.e. they can’t tell you how many other places you are logged in at the same time, and don’t offer the option of logging out all other instances remotely (Gmail has that).
This means that if you forget to log out of twitter.com on a public computer somebody can pretty much screw around with your account in any way they want EXCEPT change your password and email; to do that they need to provide your password to confirm changes.
They may not have covered the security on twitter.com completely but the twitter api has.
If you find any suspicious activity from a third party application with your twitter account, or you’re not sure you logged out of it somewhere all you need to do is log into twitter.com, go to security under applications and revoke access by that application and all active/existing authorization tokens will be made obsolete effectively logging you out.
To authorize the application again just follow the steps provided previously.
This article was contributed by Leo Ben, a systems developer currently working with Capital FM. Talk to him on twitter on @iz_ben.
