Chillax

Locking my Twitter account after a few bad password attempts then telling me to “chillax” for a few (few minutes? few hours? few months?) is really annoying.

How’d I get here? Well, I downloaded Bluebird, a new Twitter client. I gave it a few minutes of my time but found the beta to be lacking in features and buggy. So, oh well, I go back to Twitterrific. It’s asking for my credentials.

OK, so annoying long-term issue one: Why the hell do all these desktop apps and Safari seem to clobber each other’s credential caches so much? Every time I visit Twitter in Safari I click the “Remember me” checkbox and every time it does not remember me.

Second issue. This is a mix of Twitter API and app behavior, but Twitterrific will sit there all day and let me try passwords. I get no warning that I have X more tries before lockout, and when the lockout does happen it will simply continue to let me try passwords, which is a real brain fuck ’cause I’m using the working password and I still don’t get in.

The Twitter API needs to be more forthcoming about lockout and password tries, and the apps themselves need to use these to be more transparent to the users about what’s really happening.

Posted on: April 2, 2009 – 2:41 PM
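The behaviour asked for above, sketched as an added example (not Twitter's or Twitterrific's code): a lockout policy that reports attempts remaining and seconds until unlock, without revealing whether a password submitted during the lock was correct. The class, field names and the 5-attempt / 15-minute values are assumptions made for illustration.

```python
import math
import time
from dataclasses import dataclass

MAX_ATTEMPTS = 5        # assumed policy value, not Twitter's
LOCKOUT_SECONDS = 900   # assumed policy value, not Twitter's

@dataclass
class LoginResult:
    status: str         # "ok", "bad_credentials" or "locked"
    attempts_left: int  # failures remaining before lockout
    retry_after: int    # seconds until the lock ends, 0 if not locked

class LockoutPolicy:
    """Hypothetical server-side lockout that tells the client its state."""

    def __init__(self, verify, clock=time.monotonic):
        self._verify = verify      # callable(user, password) -> bool
        self._clock = clock
        self._failures = {}        # user -> consecutive failed attempts
        self._locked_until = {}    # user -> clock value when lock ends

    def login(self, user, password):
        now = self._clock()
        until = self._locked_until.get(user)
        if until is not None and now < until:
            # Locked: the password is not checked, so a correct guess looks
            # the same as a wrong one, but the client learns when to retry.
            return LoginResult("locked", 0, math.ceil(until - now))
        if until is not None:      # lock expired, start a fresh count
            del self._locked_until[user]
            self._failures.pop(user, None)
        if self._verify(user, password):
            self._failures.pop(user, None)
            return LoginResult("ok", MAX_ATTEMPTS, 0)
        count = self._failures.get(user, 0) + 1
        self._failures[user] = count
        if count >= MAX_ATTEMPTS:
            self._locked_until[user] = now + LOCKOUT_SECONDS
            return LoginResult("locked", 0, LOCKOUT_SECONDS)
        return LoginResult("bad_credentials", MAX_ATTEMPTS - count, 0)

def client_message(result):
    """What a client could show instead of silently accepting more tries."""
    if result.status == "locked":
        minutes = math.ceil(result.retry_after / 60)
        return f"Account locked. Try again in about {minutes} min."
    if result.status == "bad_credentials":
        return f"Wrong password. Attempts left before lockout: {result.attempts_left}."
    return "Signed in."
```

A client that receives `locked` can disable its password prompt until `retry_after` has elapsed rather than keep submitting credentials.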

8 Comments

  1. David wrote:

    A friend has just released a beta dashboard Twitter app. It uses the new OAuth method for Twitter, which means no need for username and password. http://airmailr.com/ Maybe that could help in your quest for chillaxing!

  2. Twitterrific seems to be the only desktop app that clobbers the twitter.com cookies, I’ve yet to see another app do that. Craig assures us it’ll be fixed… Not sure when though.

  3. Joe McMahon wrote:

    This is actually Good Security Practice - this prevents hackers from figuring out that they actually did hit your password while trying to break in, so they abandon it and keep trying others.

  4. @Joe I agree locking out an account after bad password attempts is a good security practice. I am complaining that Twitter and its clients don’t do a good job of explaining how this works from a user end. Most lockouts I’ve seen end with an action I can perform to unlock the account. Telling me to chillax for an unknown amount of time isn’t professional.

  5. Nick wrote:

    This seems to be the “cool” thing for web 2.0 companies to do nowadays - it’s all a bit too informal IMO.

  6. Nick wrote:

    I am of course referring to the “chillax” terminology, rather than their security practices :-)

  7. Yes, I just got the same message, and although I did think it was funny for a second, I did NOT think it was funny when I DID “chillax” for a second and then went in to try again and still can’t get it. Agreed. More professional user info please, Twitter.

  8. Anyone know how long the lockout is?
