A Wall Street Journal journalist has published his Twitter password to prove the value of two-factor authentication. Christopher Mims remains unhacked, but his argument hasn’t been entirely borne out.
Mims wrote a piece titled “The Password Is Finally Dying. Here’s Mine” with the subheading “Device-Based Authentication Is Making Passwords Irrelevant.” Ironically, the piece is behind a paywall, meaning many readers will need a password to see it, though workarounds for the Journal’s viewing restrictions aren’t exactly a secret.
The thrust of Mims’ argument was that two-factor authentication makes the password irrelevant and a dying entity. Of course, that somewhat ignores the fact that the password is very much one of the two said factors.
To attempt to prove his point, Mims revealed that the password for his @mims Twitter account is “christophermims”, though he didn’t divulge whether that’s always been the case or whether he deliberately chose something “obvious” to make the point.
The good news for Mims is that nobody has yet gained unauthorized access to his account and made bogus posts. The bad news is that, predictably, he got a steady stream of text messages as people attempted to log in and Twitter sent a verification code to his phone. He says he was soon getting two messages a minute and eventually had to switch the default to having the authentication run via the Twitter iPhone app.
To make things even worse, the Twitter authentication process meant anyone attempting to log in to Mims’ account could see his listed phone number, which of course quickly appeared online. Mims hasn’t revealed how many people tried to call him, but his number is now out of service and he says he’s switching to Google Voice for his voice call needs.
Mims says he will be detailing his experiences in a follow-up piece later today, but insists he has proved his point. That’s true only to a limited extent. His revealing his password hasn’t led to anyone accessing his account (as one Twitter user noted, thankfully he wasn’t mugged for his phone), but he sure has illustrated that keeping your password secret makes life a whole lot easier.
It appears Mims has now changed his Twitter password.