When I go to sign up for a new site or service, I often opt for the Twitter login. It’s easy. But now I’m wondering, what apps and sites have I granted access to my Twitter account itself? Is there a way to see a list and revoke those I don’t want to be able to access my account?
Proponents of the single login philosophy point to the convenience of having a single account and once you’ve verified and confirmed that, you then have access to your accounts on dozens of other sites too. Definitely convenient, but is it smart from a security perspective? Well, if the site you’re joining has poor security, no two-factor authentication, weird password rules (like only letters) that make your credentials easier to hack, maybe it is a better idea to use it. If it’s a modern service with good security, however, I’m rather a fan of having lots of separate and independent accounts on the various services, relying on my 1Password software to keep track of the site credentials.
I might be in the minority here, and certainly, there are apps and Web sites that offer Facebook, Twitter, Google, Apple, and other existing credentials for signing up and proving your identity. Sounds like you’re a fan. Which does bring up the incredibly important question: What sites and apps can access your account, and exactly what access did you grant? Fortunately, with Twitter, there’s a way to find out…
CHECK YOUR TWITTER SECURITY SETTINGS
I’m going to use the Twitter Web site for this article. Log in to your account at www.Twitter.com, and on the left side you’ll see a menu:
Yes, I’m using the dark theme, which is why it’s white text on black. You can change that if you want to try the dark theme too.
For now, click on “More“, the last option on the menu. A new menu will appear:
Choose “Settings and privacy” from this sub-menu.
Great, you’re in the right place.
SEE A LIST OF APPS THAT CAN ACCESS YOUR TWITTER ACCOUNT
At this point, choose “Security and account access” from the menu on the left side. Here’s what you’ll see:
If you guessed that you want to click on “Apps and sessions” you’re correct
Click on, well, you know. 🙂
It offers four possibilities because this is a very hierarchical settings and preferences layout!
Choose “Connected apps” and, finally, you can see what apps (and Web sites) you’ve opted to allow access to your Twitter account, either for login or security purposes, or because you want them to be able to check stats, analytics, or even post on your behalf. If it’s like mine, it’s a surprisingly long list. Here’s an excerpt:
I’m not sure what the ordering is but above you can see The Creator Marketplace (Izea), CreatorIQ, dlvr.it, Instagram, iPayYou.io, and Reddit Official. All sites I recognize, which is good, but let’s say that I decided that I wanted to disconnect from iPayYou [a slick gift card marketplace that lets you easily cash out your Bitcoin ] because I haven’t logged in to the site in over a year anyway.
To revoke an app’s access privileges to your Twitter account, click on the site or app in question and a more detailed record will be shown:
In this detail view, you can see the site’s tagline – “The World’s Easiest way to eCommerce” – as a reminder, and when you approved the site’s access to your Twitter account – in this case, way back in November 2016.
More importantly, you can see what permissions you granted: Read, write, direct message, and access to my email address, in this instance. That’s a lot! Now just because a site or app has access to write to your Twitter timeline certainly doesn’t mean that it’s actually sending Tweets on your behalf at 3:00am, so no reason to panic, but… does this site really need that access?
To revoke these permissions, a click on “Revoke app permissions” does the job. In fact, once you’ve done that, if the site or app had been doing unexpected and troubling things with your Twitter account, you can report it too:
I presume that it is routed to someone at Twitter in charge of app security so they can investigate and, if appropriate, shut down the site and its access to the Twitter account system.
And that’s it. Now, jump on to www.Twitter.com and check to see what apps and sites have access to your account. All told, I revoked permission for over a dozen sites when I went through this exercise. The good news? If you’re too enthusiastic, you’ll just have to log in to the site again, not a big deal at all.
Pro Tip: I’ve been on Twitter since the early days and have written lots and lots of useful tutorials. Please check out my twitter help area for more useful guides. Oh, and why not follow me, @DaveTaylor, on Twitter too? Thanks!
thanks it helps a lot,