Twitter’s New Account Protections

It’s been about a week since that Twitter admin account was brute forced. What was done at Twitter to make it better?

CAPTCHA’s. And errors. CAPTCHA’s and errors.

I created a Twitter account for testing (I didn’t want to lose access to my account). First, I logged in with the correct password just to make sure everything works.

I then tried logging in with a bad password. It gave me six chances to login. After the sixth attempt, I was presented with a CAPTCHA to solve.

Twitter CAPTCHA

I of course did not supply the correct credentials once again. I figured I’d get another attempt. I got some Twitterfail instead.

TwitterFail

I’m not sure if this is their version of an account lockout message, or if there is something actually wrong.

It’s been about 25 minutes since I took the screenshots, and I still get the error message.

Then, I tried to get in via Twitterberry. I wanted to see if it was just a website restriction. I supplied the correct credentials on my BlackBerry and initially thought that I was in.

Twitter Success!But it seems that it does not test authentication. When I went to view my timeline, I got this:

Twitter Invalid Password

I was just about to finish this post, when I decided to try connecting with Twitteriffic. It connected! I was able to login and tweet.

I went back to check the Twitter website, still fail. I tried on my BlackBerry again… still invalid username or password. If anyone has insight into how the Twitter API separates its authentication, I would like to hear from you. I am wondering why some login methods work, while some do not.

One response to “Twitter’s New Account Protections”

  1. edsmiley says:

    Hey Chris,

    To add to the oddity, I did the same steps as you but tried Twitterific on my Iphone and it authenticated and allowed me to post. Went back to the site, still locked out. Very odd indeed.

    Ed

Leave a Reply