As we continue to search for answers on what’s going on with the Twitter password reset situation, the company is giving us information very slowly. The situation is very complex, because the users who are getting the emails, if it’s not being sent to spam, think it’s a phishing scam and are not resetting their passwords.
This is a pretty big problem for the Internet, and we don’t know why or how these passwords were leaked or compromised. Stay tuned on that, as we hope that Twitter will offer a statement soon.
Here’s what a spokesperson just told us regarding our questions on why the company doesn’t have two-factor authentication like Google and Box does:
We’ve certainly explored two-factor authentication among other security measures, and we continue to introduce features, such as https, to help users keep their accounts secure. This support article and this blog post offer additional information and tips.
While it’s too soon to dive deeply into Twitter’s practices on password protection, we do know that it does not use this two-factor authentication process that other companies do to keep their users safe. Can it be a pain to have this type of protection? Yes, but clearly it’s necessary, as we had our account compromised as well.
Even very savvy Internet folks are confused on the messaging in the email from Twitter, which says:
Twitter believes that your account may have been compromised by a website or service not associated with Twitter. We’ve reset your password to prevent others from accessing your account.
You’ll need to create a new password for your Twitter account. You can select a new password at this link:
https://twitter.com/pw_rst/…As always, you can also request a new password from our password-resend page: https://twitter.com/account/resend_password
The email is written in the third person, instead of saying “We believe that your account…”, which has added to the confusion. The email is real. If you got it you should change your password. In fact, if you haven’t gotten the email it’s probably a good idea to do it proactively. This is all a great reminder that Internet security is not only important, it’s absolutely essential.
I don’t want to spread panic or anything, but if you use the same password that you have on Twitter for other services, you might want to change those, too.
It’s our data that’s at risk. Excuse me while I go change all the passwords to all the things.
UPDATE: Twitter has given us a statement on the situation.
[Photo credit: Flickr]