How Twitter's new security feature locked me out

How Twitter’s new security feature locked me out

By Paresh Dave

Aug. 6, 2013 2:55 PM PT

Twitter updated its Apple and Android apps on Tuesday to include a feature that makes it tougher for someone to hack into an account. But don’t rush to turn it on.

By going to the security settings page in the mobile app, Twitter users can turn on “Login verification.” Once turned on, everytime users log into the Twitter account using the username and password, they’ll get a notification that says a “login verification” has been sent to their mobile app.

The user will then get a notice on their cellphone asking whether he or she wants to approve the login request. Click approve and Twitter launches.

PHOTOS: The 10 biggest tech gadget fails

This system is known as two-factor authentication because a successful login requires the password and possession of a second device. Traditionally, services rely on sending a passcode to the phone via text message or generating a passcode on a mobile app. But the cumbersome step of having to type in codes has deterred some users. Some also worried about what to do in areas with no cell service.

Twitter’s new feature generates a secure backup code that can be written down for circumstances where the phone might not be handy.

But the system appears to have launched with a few flaws. Some users have reported that their phone isn’t receiving login requests.

On my app, I had already turned on Twitter’s old text-message-based verification system. After turning on the new verification feature and trying to log in from a desktop, I ended receiving a text message with a 44-character alphanumeric code. Twitter appeared to have smashed the two systems together. Now, I can’t log in from my desktop.

Then, I tried logging in to the Twitter app from another Android smartphone. After entering my correct username and password, the login failed and the app said to try again later.

Back on my first phone, I was logged in but unable to send or receive new tweets. Twitter effectively locked me out.

After resetting my password online, I received the normal text-messaged passcode and was able to log in.

The app on my first phone started working again, even though it never prompted me to enter my new password that I had reset. But now I can’t log into Twitter on the second phone.

The company did not respond to a request for comment. Other users are also saying Twitter is behaving erratically.

ALSO:

New Nexus 7 more durable than predecessor and iPad mini

Cybersecurity salaries average $116,000; D.C. seen as center

Samsung gets ‘Galaxy Gear’ trademark as it readies smartwatch