The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

    20140508-Delphi-2007--Project-Options--Cannot-Edit-Application-Title-HelpFile-Icon-Theming20140430-Fiddler-Filter-Actions-Button-Run-Filterset-now20140424-VMware-Fusion-6.0.3.-no-reclaimable
    More Photos

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,419 other followers

«
»

Dear Twitter: masked passwords are not the same as hashed passwords. Please refrain from storing them in any recoverable form.

Posted by jpluimers on 2018/05/04

Apparently Twitter not only logged plain text passwords, but they handle them in a masked form:

Keeping your account secure

When you set a password for your Twitter account, we use technology that masks it so no one at the company can see it. We recently identified a bug that stored passwords unmasked in an internal log. We have fixed the bug, and our investigation shows no indication of breach or misuse by anyone. Out of an abundance of caution, we ask that you consider changing your password on all services where you’ve used this password. Learn more

Go to Settings
Skip

This seems to imply passwords are not hashed, but can be recovered into plain text.

Please Twitter, ensure that passwords are never recoverable.

Note: after changing your password at https://twitter.com/settings/password visit https://twitter.com/settings/applications

–jeroen

This entry was posted on 2018/05/04 at 09:00 and is filed under LifeHacker, Power User. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w
Cancel

Connecting to %s

«
»
 
%d bloggers like this: