Password changed on computer, still logged in on mobile device


#1

We recently experienced a hack of some kind on our Twitter account. As such, and as per best practices, we logged into our account on a PC and changed the password. However, I discovered we I was still logged into the same account on my mobile device - that is, my mobile device did not in fact punt me or prompt me to enter the revised password. This is problematic for our organization. Say we have an employee who uses our Twitter account on their mobile device regularly. When that employee quits, or is let go, we would obviously approach changing any and all passwords . However, even taking that step apparently wouldn’t prevent them from continuing to log in to our Twitter account on a mobile device. I guess I’m just surprised that the Twitter app on my iPhone kept me logged in after I changed the password on my PC. Shouldn’t it boot me and prompt me to enter the new password? It looks like phone login/pass is syncing directly with the PC info. This seems like a glaring oversight to me, but maybe I am missing something.


#2

Applications don’t use your password. Instead, when you allow an application (like on your iPhone) to use Twitter on your behalf, the application is given its own password (in a sense). To turn off the application’s password requires revoking it’s permission.

See this page for details:

https://support.twitter.com/articles/20169494#revoke-access-via-web