October 2011

Friday was a sad day, since my Twitter account @imelve was hacked. I opened a webpage, via a pointer in a message from a trusted source, and then things started going wrong. Within a few minutes, my account started to send malicious messages (see below).

And then my friends started to warn me. Luckily one of them warned me by text message, since Friday night is mostly family time and I am offline. Twitter does not run my life, it is but a small part of my online presence. And snuggling up to the kids takes precedence. But the message talked of danger, and I did not know what else was compromised on my PC/mobile/iPad. It was time to take back control of Twitter.

  1. Change Twitter account password
  2. Revoke application privileges (I had 25 apps with privileges registered, only one from the malicious site)
  3. Start tidying up app passwords, since leaving this undone may lead to a blocked Twitter account due to a large number of failed logins
  4. Delete messages with malicious content, wading through all streams I have sent.

Taking your life back is never easy. Twitter helped by giving a single page where I could revoke account privileges. Getting the apps to work again afterwards? Not fun. The app privileges were harder to deal with than they should have been, since:
  • I use Twitter on PC, mobile phone (Android) and iPad. They have all had multiple renovations and upgrades where apps and web sites get twisted around.
  • I did not remember which apps I actually use.
  • I did not remember how to change passwords in all the different user interfaces. (Thank you, Flipboard, for making this easy, including meaningful error messages. The rest of you apps know who you are.)
I am still not done with the apps, but my life is back on track. Sort of.

Professor Audun Jøsang has formulated some useful principles for security usability. I wish more people would reflect on these, and what their practical implications are for the systems and web pages we offer our users today. And I really wish Facebook would read them.

The rough statistics for usability are:

  1. 35% of the people will understand, almost no matter what you write or do
  2. 40% will have cognitive challenges at some times
  3. 25% do have special challenges understanding

Given this, and the fact that most web sites aim at the population at large, we really need to rethink the mental load we place on our users.