Two Factor Authentication on Twitter is Broken

The online security of you and your friends and family is more at risk now than it’s ever been. People are still regularly using the same username and password across most, if not all, of their online accounts. Any leak of one set of access details is a leak of all their access details.

When two factor authentication was launched it became a saviour for these people. You would need physical hardware to generate or receive a one time code, as well as your username and password.

Twitter initially implemented this as SMS-only one-time codes. You added your mobile number to your Twitter account, and Twitter would send a code at the point of login and require that code before the login succeeded.

The first version would only allow your mobile number to be connected to a single account, so if you wanted to secure multiple accounts you were out of luck.

There is also a flaw in the SMS system, though, which can allow hackers to redirect the security code to any number they choose. It’s not widely used, but it still exists.

More recently Twitter added the ability to use other methods of two factor authentication. Apps like LastPass, 1Password and Authy allow you to store all your access details behind a single master password.

Sounds great, right? No more relying on mobile phones. Well, no. The trouble is that to use a password manager with Twitter, you first have to add your mobile number to your Twitter account. You then have to manually disable the SMS option to stop Twitter always sending the SMS codes.

The kicker here is that if you remove your mobile phone number from your Twitter account, it also removes any other two factor authentication you’ve set up.

You cannot have two factor authentication on your Twitter account if you don’t have a mobile phone linked to the account.

This is an astonishing requirement, and one many security experts are calling short-sighted and even a dark pattern.

You would hope that Twitter would put security before all else, but in this case that doesn’t seem to be so.


You can find me on twitter via @HarryBailey

Add global Twitter Bootstrap modal listeners

If you’ve ever browsed the Twitter Bootstrap JavaScript documentation then you’ll know that the modal parts of the Bootstrap library require some JavaScript to show and hide them.

Part of the JavaScript is related to events which you can attach listeners to, so you know when your modal is shown and hidden.

What they don’t tell you is that you can add a single global (or semi global if you want) listener to all modal events which will fire when any modal is shown or hidden.

// Delegated listener on body: fires for every element matching .modal
$('body').on('shown', '.modal', function () {
	console.log('we have shown a modal');
});

For example, the above will log “we have shown a modal” to the console when any modal is shown. You can switch the event to show, shown, hide or hidden.

Twitter Bootstrap Tabs On Right Side

Twitter’s Bootstrap CSS currently doesn’t support tabs on the right-hand side or floated right. Well, here is the CSS to allow it.

We’ll stick to existing naming. Twitter use secondary-nav within topbar so let’s use that…

.tabs .secondary-nav {
	float:right;
	margin-left:10px;
	margin-right:0;
}

Then in the HTML for the tab you want to float right you need:

The outcome is most tabs on the left and any with the new class positioned over to the right.

New Twitter Last Read Tweet Bar Bookmarklet

Update: Twitter has now added this to the site and the bookmarklet below is no longer of any use.

Got the new Twitter?
Annoyed that when you click the bar that says ‘x new tweets’ you can’t find the last one you had already read?
Harry Bailey to the rescue.

Update: Now works in Chrome, Safari, Firefox. Anyone checked Internet Explorer?

Drag the following link to your bookmark bar, go to the Twitter page that’s annoying you, click the bookmarklet:

(function(){ $('head').append(''); setInterval(function() { var last_read = $('div.stream-item.last-read'); if(!last_read.length) { $('div.stream-item:first').addClass('last-read'); } else if(last_read.prev().length) { $('div.stream-item.marker').removeClass('marker').removeAttr('style'); last_read.removeClass('last-read').addClass('marker'); $('div.stream-item:first').addClass('last-read'); } }, 2000); })();


Sending To Multiple Twitter Accounts From One Device using SMS (text message)

Update: You can now signup and help in testing. http://bucket.harrybailey.com

I have been working on something recently to make my Twitter life a lot easier.

I don’t have an iPhone and I’m not planning on getting one in the near future, so I send SMS messages to Twitter to update my status. Simple enough when you have one Twitter account. You just add your device (phone) to Twitter, tell it when to send you SMS messages and what to send you, and off you go.

Sadly you can only apply a device to one Twitter account and can only send updates to one account from your device via SMS.

Until now!
