Aside of the fact that security questions are the worst idea since Greedo shooting first, how is a custom picture supposed to help with my account security @Okta?pic.twitter.com/LUOoEWbkCJ
You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more
One thing it does is it helps prevent you locking someone else’s account due to having similar usernames.
Not really a "security" feature though! Kind of an anti-feature, to workaround a DoS that people trigger accidentally 
It’s supposed to load the “security image” after you enter your username only from a known browser. They give you a warning if you are connecting from a “new browser”. I haven’t checked how the mechanics work.pic.twitter.com/ZzrVTtTf3u
This is enlightening, thank you! (not considering psychological factors) this basically turns this into a cat&mouse game, right (RE, start selling phish kit, detect kit, mitigation is deployed, goto 10)?
Sure, but that makes the Phishing attack harder to employ. Also, that gives the site SOC at least an ability to ID/mitigate credential theft, as they would have data on which IPs accessed the login pages.
I dunno, I don't know how to write an audio driver but I'm still listening music - I just bought one from someone who did. Don't attackers just buy a phishing kit that does it all for them?
Wouldn't the server get a referer of the phishing site URL?
No, you can send any referer you want or none at all.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.