Motivation
Can't remember all the third-party applications you have granted access to your Twitter account? Me neither! It might be wise to remove the ones you no longer use, just to be more secure.
Each week I listen to security expert Graham Cluley's great podcast Smashing Security. In this week's episode he talked about how his Twitter account posted some Nazi propaganda last week.
Even though he had two-factor authentication enabled, he had earlier authorized a third-party app, Twitter Counter, with read and write permissions on his Twitter account. Twitter Counter got hacked, and the hackers used Twitter Counter's access to post this to several other Twitter accounts too.
Check your own Twitter account
I found several services I don't use anymore and
Enter your Twitter settings (https://twitter.com/settings/applications) and take a look. Something old here with both read and write access? Even messaging? You can disable them one by one with just a click.
In the picture above, if I want to revoke access for the IFTTT application, I just press the Revoke access button. The button will change:
Just leave the button like this if you want to revoke the access; otherwise press the button, which now reads "Undo Revoke Access", to get the access back.
In my case I found several third party apps I had forgotten about, some from 2010(!):
- Flipboard
  Permissions: read, write, and direct messages
  Approved: Tuesday, October 11, 2011 at 7:14:08 PM
- CTFtime.org
  Permissions: read-only
  Approved: Thursday, August 21, 2014 at 8:25:23 PM
- Bluenod
  Permissions: read and write
  Approved: Thursday, June 11, 2015 at 9:16:44 AM
- IFTTT
  Permissions: read, write, and direct messages
  Approved: Sunday, October 18, 2015 at 6:24:25 AM
- Futuretweets V3
  Permissions: read and write
  Approved: Tuesday, July 14, 2015 at 9:01:57 PM
- Twittimer
  Permissions: read and write
  Approved: Wednesday, June 8, 2016 at 7:34:52 AM
- Google Wave (Tweety)
  Permissions: read and write
  Approved: Monday, February 1, 2010 at 6:45:29 PM
- img.mu
  Permissions: read and write
  Approved: Tuesday, December 10, 2013 at 4:26:05 PM
- LinkedIn
  Permissions: read and write
  Approved: Tuesday, December 27, 2011 at 6:32:42 AM
- Tweetbot
  Permissions: read and write
  Approved: Monday, August 25, 2014 at 4:47:47 PM
- TweetCaster
  Permissions: read and write
  Approved: Thursday, November 22, 2012 at 8:41:51 AM
- Commun.it
  Permissions: read, write, and direct messages
  Approved: Wednesday, October 7, 2015 at 1:53:04 PM
- DISQUS
  Permissions: read and write
  Approved: Friday, June 10, 2016 at 6:19:40 PM
- Nambu
  Permissions: read and write
  Approved: Thursday, November 22, 2012 at 7:15:39 AM
- Periscope Web
  Permissions: read-only
  Approved: Saturday, March 11, 2017 at 12:13:06 PM
- Twitpic
  Permissions: read and write
  Approved: Thursday, November 28, 2013 at 3:28:48 PM
- TweetDeck
  Permissions: read, write, and direct messages
  Approved: Thursday, November 22, 2012 at 6:59:48 AM
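To triage a long list like this one, the following added example (not part of the original post) parses entries copied as text, with one name, one Permissions line and one Approved line per app, and lists the apps that can post or read direct messages and were approved more than a year ago. The function names, the one-year threshold and the review date are assumptions made for illustration.

```python
from datetime import datetime

# Constructed input: four entries from the list above, one field per line.
SAMPLE = """\
Flipboard
Permissions: read, write, and direct messages
Approved: Tuesday, October 11, 2011 at 7:14:08 PM
CTFtime.org
Permissions: read-only
Approved: Thursday, August 21, 2014 at 8:25:23 PM
Google Wave (Tweety)
Permissions: read and write
Approved: Monday, February 1, 2010 at 6:45:29 PM
DISQUS
Permissions: read and write
Approved: Friday, June 10, 2016 at 6:19:40 PM
"""
DATE_FORMAT = "%A, %B %d, %Y at %I:%M:%S %p"

def scope_level(permissions):
    """0 = read-only, 1 = read and write, 2 = write plus direct messages."""
    p = permissions.lower()
    if "direct messages" in p:
        return 2
    return 1 if "write" in p else 0

def parse_apps(text):
    """Turn name / Permissions / Approved triples into dicts; drop incomplete ones."""
    apps = []
    for raw in text.splitlines():
        line = raw.strip().lstrip("-").strip()  # tolerate "- " list markers
        if line.startswith("Permissions:") and apps:
            apps[-1]["level"] = scope_level(line)
        elif line.startswith("Approved:") and apps:
            stamp = line.split(":", 1)[1].strip()
            apps[-1]["approved"] = datetime.strptime(stamp, DATE_FORMAT)
        elif line:
            apps.append({"name": line})
    return [a for a in apps if "level" in a and "approved" in a]

def stale_writers(apps, as_of, max_age_days=365):
    """Apps with write access approved over max_age_days ago, riskiest first."""
    old = [a for a in apps if a["level"] >= 1 and (as_of - a["approved"]).days > max_age_days]
    return sorted(old, key=lambda a: (-a["level"], a["approved"]))

if __name__ == "__main__":
    # 2017-03-20 is an assumed review date, not a value from the post.
    print([a["name"] for a in stale_writers(parse_apps(SAMPLE), datetime(2017, 3, 20))])
```

Read-only apps and recently approved ones are left out of the result, so what remains is the short list worth checking on the settings page first.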
Other Accounts?
Well, this was just about Twitter. What about other services where you have granted third-party applications read and write access? Take a look at:
- Facebook: https://www.facebook.com/settings?tab=applications
- Google: https://myaccount.google.com/permissions?pli=1
- Dropbox: https://www.dropbox.com/help/63
Happy access cleaning! :-)