Twitter Passwords Unmasked
Quote: According to Twitter, the unmasking of users’ passwords was caused by a bug, which Twitter said it discovered on its own. However, Twitter employees seem to have discovered it days after GitHub seems to have experienced the same sort of software flaw.
Twitter is now asking users to change passwords both for Twitter and for any other service where they may have used the exact same password, just in case someone may have stolen them in the time the passwords were unmasked. However, the company said it has found no evidence of a recent data breach.

Even though the National Institute of Standards and Technology (NIST) has recommended the deprecation of SMS authentication because it’s not secure, Twitter continues to rely on it for both two-factor authentication and password resets. This means anyone’s passwords could potentially be retrieved by malicious actors either by impersonating them to their carriers or by hacking the SS7 system that interconnects carrier towers. Twitter users are not given the choice to disable SMS codes for password resets or to use an alternative for two-factor authentication such as U2F hardware tokens or app authenticators such as Google Authenticator or Authy.
