Tag Archives: twitter

Twitter only seems to have rudimentary support for Yubico keys?

I was fortunate enough to get a Wired Yubico key earlier in the year and a NFC key for Christmas that I can use with my phone. My intention was to use the new NFC key as my primary key with the Wired key as a backup key in case I lose all my keys or just the NFC key. This is the first in a series of enabling the keys to work with a variety of services. See my

I was originally hoping that I could also use the NFC key with my Surface Pro 2 so I would not have to keep plugging the key into the one usb port but apparently the Surface Pro does not support NFC.

Twitter:-

My first service that I setup was Twitter. I figured it would be fairly simple to setup and not earth shattering if I lost access to Twitter temporarily. By following the Two Factor authentication page on Twitter I had to jump through a couple of hoops to get it working. First I had to enable 2 Factor Authentication that defaulted to my mobile. Once this was enabled and I had verified my identity through an sms message I was then able to add a Security key. I plugged the NFC key into the USB port, pushed the button twice and I was successfully logged in. I was then able to add an authenticator app option and generate a backup key code in case I lose my key and then finally delete the txt authentication method as this is the 2nd weakness in the security chain (after poor password choice.

The Downsides

Unfortunately it seems that you can only use one hardware key with Twitter which means you have to not lose that original Yubico key! This risk can be mitigated by having a 2FA app on your phone and also saving the backup key somewhere safe – I use Authy for the Key generator and keep the backup code in Lastpass and tag each site entry with #2FA so I can easily search Lastpass to find all the sites that require 2 Factor. I’ve also added #2faNFC to keep track of which key is used for which service.

The other downside is that it appears that the Twitter mobile client for Android does not support hardware keys and generates a “This browser doesn’t support security key logins” error message.

Twitter login prompt failure when using a hardware key on a mobile device.

It appears that only desktop pc apps using a browser can support the USB Hardware keys – hopefully this will change in the future as hardware keys get more and more popular. For the mobile login, select “Choose a different verification method” and then use the authenticator app option.

I also have to come up with a way to make the key easy to plug into the laptop(s) – the surface only has one USB port (with a docking station attached) and reaching around to a docking station to plug in a key will get annoying pretty quickly. I think I’ll be getting a USB extension cable that it can be plugged into.

As mentioned earlier, this is my first experience with the hardware key. It was easy to setup but just a little frustrating that the new NFC device can’t be used on a mobile (for Twitter at least).

Have you used a hardware token such as a Yubikey? Please et me know in the comments below!

When changing password on Twitter – update your plugins too

A while back I changed my twitter password – not realising how many other applications I would need to change…The first thing I had to do was go and change my tweetdeck installations which wasn’t too bad. However, this did mean changing it on three different machines.

This morning I posted a new blog post on IRL and realised that the post hadn’t made it to @helsbyhome on twitter. Checking in I realised I had to change my twitter plugins within wordpress too. These plugins haven’t been working for a couple of months now – oops!

For those of you are are interested, I’m using twitme and twitter updater with Tinyurl – any suggestions on alternatives or what do you use?

Microsoft Volume License site practically useless at the moment.

Microsoft “upgraded” their licensing site and in the process managed to break the functionality that allows you to request access back to the licenses that you could see before the upgrade. After wasting an hour trying to obtain our licenses online and 2 hours on the phone to try and speak to someone I eventually twittered my frustration and got a message back from Microsoft_VLSC to say they were aware of the problem and offered some help.  I’m currently still without access to my agreements but at least I now know someone is aware of my issue and is looking into the situation.

A note on the front page of the licensing portal would have saved lots of people a lot of time and a lot of frustration (and also saved the poor twitterer from having to message everyone who was having a problem).

To make matters worse when we called up on Tuesday night to activate a Windows 2003 server we were told the product activation systems were also unavailable. Interestingly this happened on Patch Tuesday, after a zero day exploit and I know that Microsoft were hit internally by slammer when that was launched, so the conspiracy theorist in me wonders……. If it’s not a worm, you’d have thought that Microsoft would be able to cluster together a couple of servers so their product activation system would stay up and allow customers to obtain a key so they could access the servers after product activation had crippled the server that the customer had paid for.

Twitter helped me with powershell this week.

This week at work I’ve been doing a fair amount of work with powershell. It has been a slow process as I’ve had no training in powershell and was basically teaching myself as I went along. I had two goals in mind.

The first was to automatically attach a mailbox to a temporary account, export the mail within this mailbox to a pst file, move the pst file to a folder and then delete the account again.  As Exchange2007 needs to use powershell to export the data I had to change my user deletion script to run within powershell.

My other goal was to write a report for all mail sent or received through the exchange server in the past 24 hours. Using the exchange tracking logs I was able to pull the information required to do this.

The second problem was causing me more hassles  as I could not work out how to retrieve the time from 1 day ago AND have the result in the format needed for the next part of the script. I could get the current time in the correct format OR I could get the time from 1 day ago but not in the current format. I went onto the #powershell room on irc.freenode.net but it looked like everyone was asleep as I didn’t get any response to my query.  I decided to post a tweet on twitter about the problem and within 5 minutes I had about 3 or 4 responses which was great. At the same time I also got a response in the chatroom. As usual with coding, there are several ways to get an answer.  However Jaykul was very helpful in telling me that “get-date (get-date).addays(-1) -f g”  is 2 ten thousandths of a second quicker than “[datetime]::now.adddays(-1).tostring(“g”)”
Best way to get the Time from 24 hours ago.
Now you can probably see why I was confused and struggling to get the code working!

I’m going to post the resulting code in the next posts to make it easier to search on.

Retaggr card.

Retaggr is a new service that provides links to all of your profile pages on the various social websites, provides twitter updates and affiliation links all in one card. Mine is included below and will eventually get added to the side bar of the website (or added to the AboutMe section)

This functionality is great for gathering all the buttons together and keeping people up to date on your latest tweets etc. It’s also great for stalking someone or for doing research on a job applicant!
I did notice that the goodreads link was broken – shot off an email to them and less than 10 minutes later it was fixed – very impressive. I’ve added a request to have links to the geocaching website added too.