I hear that Twitter is shutting down and that it’s now considered dangerous to be using “Login with Twitter” on other sites due to potential site hacks. Not good! How can I revoke all of my Twitter login authorizations ASAP?
While it’s clear that Twitter is in the midst of a turbulent and chaotic period with the change of ownership and purge of existing employees, I have to say that I am not convinced that the service is going to go kaput in the next 72 hours and then be wide open to hackers and malicious actors. That might just be a wee bit of hyperbole from the anti-Musk crowd. Either way, however, whether Twitter is going to be just a distant social media memory in three months or a thriving and growing re-invented all-in-one social media service, it’s always smart to take the time to review your security and affirm that the authorized apps or Web sites utilizing your Twitter account or credentials are all safe and legit.
In general, I recommend against the “login with X” shared credentials anyway, whether it’s Apple, Facebook, Google, Twitter, or another service. It’s convenient, but it’s risky because if that one account is compromised, it can make accessing your other sites and services much easier for a bot or hacker. Instead, I suggest a robust password manager like 1Password or LastPass that suggests long, complex passwords. I use 1Password to have different account credentials (and different passwords) on every site I use nowadays. Oh! And turn on 2-factor authentication too.
FINDING SECURITY SETTINGS ON TWITTER
To start, let’s get to the Security & Privacy settings on Twitter. The easiest way is to go to Twitter.com in a Web browser. It’s a slick interface and the left side shows lots of categories to help navigate the network:
Click on “More” and a menu pops up:
If you’re curious, the latest information about Twitter Blue is interesting reading, but if you don’t think it’s worth checking out while everything is in such a high level of chaos, well, no worries, just ignore it for now. At this point you want to click on “Settings and Support”, which expands the menu with a few more choices:
Now we’ve found Settings. Okay! Click on “Settings and privacy” to proceed…
TWITTER SETTINGS AND PRIVACY
This, finally, moves you into the world of Settings and Preferences for your Twitter account, and there are a lot of options! Choose “Security and account access” from the left side, and it will show three main areas:
This is a good time to hop to Security and ensure you have 2-factor authentication enabled (and I recommend both text messages to your phone and an auth app like Authy for redundancy). Here’s a tutorial: Protect your Twitter Account with 2-factor Authentication.
For this task, however, click on “Apps and sessions”…
I am always curious about logged-in devices and account access history, both worth a peek, but click on “Connected apps” to see what apps and Web sites you’ve authorized to utilize your Twitter account in one form or another.
APPS AND SITES AUTHORIZED TO UTILIZE YOUR TWITTER ACCOUNT
The list is interesting, but it’s listed by service, not necessarily by how that site or service is using the credentials:
Fortunately, you can actually click on any of the entries listed and learn a bit more about what level of authorization you’ve enabled. For example, lower down on my list is the formerly popular and now fairly dormant Clubhouse social chat app. A click reveals how it’s using my Twitter account:
This one has read-only access to my Twitter account, which is no different from reading my public feed since I don’t have an invite-only Twitter account. Not too alarming. The important thing here, however, is the red “Revoke app permissions” link. Since I am no longer actively using Clubhouse, revoking its access is a reasonable way to minimize my exposure to potential hacks and malicious code. Oddly, there’s no confirmation that the app permission is actually revoked, but the app will vanish from your list of connected apps.
TweetDeck, a Web site that’s tied directly into Twitter and offers an alternative way to interact with friends and followers, has much broader permissions:
Notice I granted permission back in 2010 and the credentials still haven’t expired. I’m not sure why Twitter doesn’t auto-expire everything on an annual basis. It would be a momentary pain to log in again, but that still seems better than having something authorized for 12 years without once checking if I want to retain that external access.
Finally, once you’re done cleaning up this list of apps and sites, go back to the “Security and account access” page and choose “Connected accounts”. I don’t have any – as I said, I prefer separate accounts on other sites and apps – but if you have any, this is where they might also show up:
If they are here, this is where you can revoke and remove those connections. Before you do, however, make sure you have another way to access your accounts on those sites too…
And that’s it. Now you know how to see exactly which apps and Web sites your Twitter account is giving access to, and how to axe that access as needed. All that’s left is to grab some popcorn, settle into a comfy chair, and watch how the next few weeks unfold at Twitter HQ.
Pro Tip: I’ve been on Twitter since the early days and have written lots and lots of useful tutorials. Please check out my Twitter help area for more useful guides. Oh, and why not follow me, @DaveTaylor, on Twitter too? Thanks!