Two Factor Authentication on Twitter is Broken

Your online security is more at risk now than it’s ever been. Many people use the same username and password across most, if not all, of their online accounts.

When two factor authentication was launched it became a saviour for these people. You would need physical hardware to generate or receive a one time code, as well as your username and password.

Twitter initially implemented this as SMS only, sending a one-time code by text message. You added your mobile number to your Twitter account, and it would start sending codes at the point of login and requiring the code to log in successfully.

The first version would only allow your mobile number to be connected to a single account, so if you wanted to secure multiple accounts, you were out of luck.

There is also a flaw in the SMS system, though, which can allow hackers to redirect the security code to any number they choose. It’s not widely used, but it still exists.

More recently Twitter added the ability to use other methods of two factor authentication. Apps like LastPass, 1Password and Authy allow you to store all your access details behind a single master password.

The trouble is that, to use a password manager with Twitter, you first have to add your mobile number to your Twitter account. You then have to manually disable the SMS option to stop Twitter always sending the SMS codes.

The kicker here is that if you remove your mobile phone number from your Twitter account, it also removes any other two factor authentication you’ve set up.

You cannot have two factor authentication on your Twitter account if you don’t have a mobile phone linked to the account.

This is an astonishing requirement, and one many security experts are calling short-sighted and even a dark pattern.

You would hope that Twitter would put security before all else, but in this case that doesn’t seem to be so.


You can find me on twitter via @HarryBailey

Fewer, better notifications

One of my focuses for this year is to reduce my anxiety levels. I wouldn’t class them as out of control, but I do have periods where they’re concerning.

I spent a little time recently looking at what triggers anxiety for me. Although I came up with a fair list, the reasons I see as simplest to deal with are ‘fear of missing out’ and feeling overwhelmed.

It doesn’t take much imagination to quickly link these two triggers back to mobile phone notifications and app badge counters.

For me the obvious change to make is reduce the triggers in terms of quantity and invasiveness.

On the other side of the fence are mobile applications whose very lifeblood is to regularly pull you back into their world. The reasons aren’t always sound, and when you accept notifications for those apps, you don’t know how vague those reasons will be.

Will allowing notifications mean you’re alerted to triggers purely designed to draw you back into the app?

The only notifications I want to receive are those which are time sensitive and genuinely important.

I use my phone enough that just displaying an app badge can be enough to show me there is something to be aware of. I don’t need anything to pop-up on my phone or in my notification feed.

So I’ve essentially had a cull of all the apps I never want to hear from. Adobe are allowed app badges, but many are not. Those who can send me notifications are under review. If an app abuses the permissions I’ve allowed it, I just remove them.

Very few notifications I was seeing were something I couldn’t do without. Monitoring of banking and web services is possibly the only exception.

Initially it was a strange calm. Now it feels like a pleasing silence.

Plug hunting

Why digital nomads no longer care about free wifi

Many moons ago, enterprising coffee shops and bars looking for a unique selling point would have wifi installed and post ‘Free Wifi’ in big letters on their doors, windows or boards outside.

It was rare and revolutionary at the time. As a remote worker looking for places other than your own home to work, you suddenly had choices which weren’t libraries or large public buildings.

Coffee has also come a long way since those days. Most coffee shops now have the ability to knock up an acceptable cappuccino, latte or flat white.

But fast forward to recent years and the same remote workers now have power hungry laptops, and use far more battery-sapping applications to do much of their work. These remote workers are also carrying phones and other USB devices which won’t withstand heavy usage and survive the day.

And so the plug hunt was born.

Unlike the remote working crowd, it doesn’t feel like many businesses have cottoned on to it yet, but some coming through the door will circle around looking for seats where there are easily accessible plugs. If there aren’t any, they may just walk straight back out.

As a remote worker, I not only maintain my own list of places who have plugs, but also whether the staff are happy for you to plug your own equipment in, and where the seating with plugs is situated.

A key part of planning my remote days is to review my list for where I’ll work, how long I can go between charges, and which tasks will use most power when I’m not connected.

The next logical step is for businesses to install, and promote plug socket access to go along with their free wifi and coffee.

There is a downside to this. If you offer remote workers free wifi, good coffee and plug sockets, your business is likely to be full of remote workers. They aren’t the highest value customers, and don’t spend anywhere close per hour to those coming in for a meal and then immediately leaving.

A one off or hourly charge for plug access might go some way to making the revenue side of the promotion work. A limit on free power to quieter times of the day might also help.

For now the plug hunt continues.

Anxiety

This post is part of my plan to write at least 300 words a day on tech, wellbeing, productivity, agile methods and a little about me.

For me anxiety comes in two flavours. Both are equally impactful in their own attention grabbing ways.

In the last twelve months, since I returned to working for myself, they’ve made themselves known at least every couple of weeks. Reducing anxiety is a focus for me in 2019.

The first flavour of anxiety I experience is a spike. A chest-tightening worry which can last up to two hours. It makes doing anything very difficult.

The second is a mild background anxiety which continually pulls my attention back to it and has been known to ruin time with family, friends and even my sleep.


I’ve got a good idea of the different triggers for the two.

Spike anxiety is caused by a sudden realisation, or discovery of something I didn’t do, or didn’t get quite right.

If you’ve ever experienced the “heart-sinking” feeling of forgetting something important, then it’s just like that, but doesn’t stop after the usual second or two.

Mild background anxiety comes at me slowly. It builds up as I dwell on something that wouldn’t be a problem if I weren’t to build it up in my head.


Dealing with them is less of a science than I would like.

Spike anxiety comes from nowhere, and the best defence I’ve found against it is to take action on the thing causing it as quickly as I can.

That could mean contacting somebody, putting a reminder in my diary or writing some notes to help make sense of the worry.

Mild background anxiety is more of a battle. To halt it I have to stop my brain from dwelling on the thought for long enough to bring the focus of it back down to size. So a good positive distraction is required.

That might be a good tv program, singing along to music I know well, or a phone call which requires focus.

Long term, I think it’s possible to reduce my general anxiety by changing things in my life, and working to be calmer and more considered when things do come along.

For me, this might mean avoiding some situations, and even people. Beyond that possibly meditation or other mindfulness techniques.

300 words

I’m keen to continue improving my writing in 2019, both quality and quantity. I’d like it to become something I do daily, and something I lean on to fill gaps in days that I have, rather than defaulting to social media browsing. It’s right up at the top of my list of focuses for 2019.

I’ve decided on 300 words as it seems a fair target. A target I can hit on a commute, on a lunch break, between pieces of work, before heading off to bed in the evening.

I’m not setting any boundaries when it comes to subject matter. That being said, I’ll likely mostly stick to tech, wellbeing, productivity, agile methods and a little on me.

I’ve written fairly frequently over the last ten years. The destinations for the content I was writing were pretty broad and the length very varied. I’ve written short tech blog posts detailing a process for completing something technical. I’ve written marketing pieces sharing the benefits or details of a product or service which I was involved with and wanted to sell. I’ve written for social good campaigns that I’ve supported. I’ve even written some pretty heavy lifting specification documents.

I want to get away from all of that. The writing I do in my 300 word pieces is likely to be opinion focused, and a way to voice my thoughts without spending a huge amount of time on the data and the detail.

If conversations are triggered, then that would be great. Occasionally the 300 word articles may lead to more detailed writing on the same or similar topics.

Just enough process. As few rules as possible. Learning as I go. A great outlet for my thoughts, and possibly placeholder for projects or longer form writing. A great way to just practice my writing, often.