It’s been about a week since that Twitter admin account was brute forced. What was done at Twitter to make it better?
CAPTCHAs. And errors. CAPTCHAs and errors.
I created a Twitter account for testing (I didn’t want to lose access to my account). First, I logged in with the correct password just to make sure everything works.
I then tried logging in with a bad password. It gave me six chances to log in. After the sixth attempt, I was presented with a CAPTCHA to solve.
I of course did not supply the correct credentials once again. I figured I’d get another attempt. I got some Twitterfail instead.
I’m not sure if this is their version of an account lockout message, or if there is something actually wrong.
It’s been about 25 minutes since I took the screenshots, and I still get the error message.
Then, I tried to get in via Twitterberry. I wanted to see if it was just a website restriction. I supplied the correct credentials on my BlackBerry and initially thought that I was in.
But it seems that it does not test authentication. When I went to view my timeline, I got this:
I was just about to finish this post when I decided to try connecting with Twitterrific. It connected! I was able to log in and tweet.
I went back to check the Twitter website, still fail. I tried on my BlackBerry again… still invalid username or password. If anyone has insight into how the Twitter API separates its authentication, I would like to hear from you. I am wondering why some login methods work, while some do not.