The official Twitter communication https://twitter.com/twittersupport/status/992132808192634881?s=21 …
-
That's ironic. 3rd May was Password Day. https://www.daysoftheyear.com/days/password-day/ …
-
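Nah. The twitter-thing was essentially

    import string
    from random import choice

    # log() and fancy_hash() are the tweet's placeholders
    def generate_reset_password():
        password = "".join(choice(string.printable) for _ in range(15))
        log(password)  # plaintext written to the log before hashing
        return fancy_hash(password)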
-
GDPR check?
-
Coincidences do not exist.
-
Is there any good article which can point out good ways to have great passwords and techniques to prevent using the same pass everywhere?
-
Use a password generator to get a strong password and then use a master password so you don't have to remember all your passwords for different sites.
-
But isn't it vulnerable to single point failure?
-
That is correct. Personally I don't use a master password. Something almost similar but not entirely. But I feel like that is what is being pushed around, plus it's probably the most secure way.
-
But you still use a password generator?
-
Yes. I just don't send it over the web. When I'm feeling creative, I just write a simple js script to generate with all the conditions I need.
-
Gotcha. Do you also store it and secure the database on your own or just remember?
-
I obviously store the password (too many accounts and I never use the same password whatsoever). Admittedly, it's not a database I secure by myself. I use an end-to-end encrypted email client, one that doesn't store your password anywhere, so if you forget it you lose your account.
-
Password.txt
-
As soon as I read your tweet, the same thing popped up! Lolz
pic.twitter.com/URT1ABMT6S
-
Their statement is a lookalike: We mask passwords through a process called hashing using a function known as bcrypt, which replaces the actual password with a random set of numbers and letters that are stored in Twitter’s system. This allows our systems to validate your account credentials without revealing your password. This is an industry standard. Due to a bug, passwords were written to an internal log before completing the hashing process. We found this error ourselves, removed the passwords,
-
How could this even happen in the first place? How do you "accidentally" write an unhashed password to a freaking log file? This isn't a bug, this is a deliberate action being whitewashed as a bug.
-
I don't know... I wouldn't do that, as this data is toxic data
-
It is just ludicrous for them to claim this was a bug - I can't imagine any situation which ever warrants writing an unhashed password to a log file - the entire concept is batshit crazy.
-
You don't even need an unencrypted password for debugging! This is someone collecting passwords in Twitter!
-
Exactly...
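
One common way a plaintext password reaches a log without anyone intending it, and a logging filter that stops it. This is an added example, not Twitter's code and not part of the thread; the field names, logger name and sample request are constructed assumptions.

```python
import logging

# Assumed names of fields that must never reach a log line.
SENSITIVE_KEYS = {"password", "new_password", "passwd", "secret", "token"}

def redact(value):
    """Return a copy of value with sensitive mapping entries masked."""
    if isinstance(value, dict):
        return {k: "[REDACTED]" if str(k).lower() in SENSITIVE_KEYS else redact(v)
                for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return type(value)(redact(v) for v in value)
    return value

class RedactingFilter(logging.Filter):
    """Scrub log arguments before any handler formats the record."""
    def filter(self, record):
        record.args = redact(record.args)
        return True

class ListHandler(logging.Handler):
    """Keeps formatted lines in memory so the demo can inspect them."""
    def __init__(self):
        super().__init__()
        self.lines = []

    def emit(self, record):
        self.lines.append(self.format(record))

def demo():
    # Constructed signup request, logged "for debugging" before hashing.
    request = {"user": "alice", "password": "correct horse battery staple"}
    logger = logging.getLogger("signup_demo")
    logger.setLevel(logging.DEBUG)
    logger.propagate = False
    handler = ListHandler()
    logger.handlers, logger.filters = [handler], []
    logger.debug("signup request: %s", request)  # plaintext lands in the log
    logger.addFilter(RedactingFilter())
    logger.debug("signup request: %s", request)  # password field is masked
    return handler.lines

if __name__ == "__main__":
    for line in demo():
        print(line)
```

The filter only covers structured arguments; a password interpolated into the message string before the logging call is not caught, so the filter complements review of what gets logged rather than replacing it.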