nesdev.com

Update: if you get a email that's signing up a twitter account for you Click the "not my account" link. if you fail to see it, read the HTML part of your email.

tl;dr: Angry rant against twitter, Yet another decade I'll not be in social networks.

This year for nesdev I had planed a joke interaction where I implied that I lost interest with developing NES games and quit in favor to develop independent video games. In my farewell message I was going to include a link to a twitter account, because all indie game developers have twitter accounts. The account was mine in 2009 but I since abandoned it. The abandoned account was reused by a spammer and got suspended, so it would of looked like I got suspended. As soon as someone pointed that out I would of proceeded to create a new true account.

But here's the twist. This morning some jerk spammer used my email address to sign up for a account and promptly got suspended. I did not confirm that sign up but twitter refuses to accept my email address due to it "being used" despite that I *never* confirmed it! On top of that it seemed like the only way to talk to twitter at all is to log into the account created at my expense. I filed out their forms but I don't think I'll get a response back, as it seems the system won't care until I link some cell-phone number.

The end result is that yesterday I was able to sign up for a twitter account without a phone number, but now for no fault of mine I can't, and the system (like many other systems since 2013) will continue to bully me into giving up a cell-phone number I'm not free to give. So now when people ask why I'm not in social networks, I can answer it's because those systems refuse to have me.

The joke's on me.

Edit: Changed thread title.

Yeah, this whole "give us your number" thing is complete bullshit. The only other solution I can think of is just making another E-mail address, but I'd understand if didn't want to do that (I've got a "work" and personal E-mail and I barely check any of them, so that's why this doesn't phase me). Seriously, why should they ask for a freaking cell-phone number? What if by some weird chance the person doesn't have a phone? (Seems crazy today, but I wouldn't be surprised to see a person like that) What if the person just doesn't want to give personal information? I don't really know what they should ask for, in case something goes wrong like this.

_________________
Greetings! I'm That Bio Mechanical Dude and I like creating various stuff like movies, games and of course chiptunes!
You can check out my YouTube Channel.
You can also follow me on Twitter.

Ability to receive SMS at a particular number is used as a means of password recovery or of two-factor authentication. Password recovery ensures continued availability of your account should you forget your password. Two-factor authentication ensures continued unavailability of your account to attackers should an attacker guess your password.

I'm really not sure as to why these websites are so crazy in how they want your password to be. I made a 8 letter password that nobody would be able to guess, unless they were like some sort of renowned super hacker or something, and then one day, they decided it wasn't good enough and wanted me to put in four numbers too. (Which is annoying, because it's now off from all my other passwords for everything else.) Why do they care so bad? I can't even list one person who'd want to break into my email. Could they get sued or something?

Don't think about you. You're not the only one the service is for. Think about people dumber than you. It is significantly easier to force a "good" password than it is to deal with the support emails from a person who has been "hacked". If someone guesses my password because my password is "password" (which by the way, is also an 8 letter password), I'm still going to want my account back. I'm going to have to contact twitter's (or whoevers) support, and some person will have to help me and verify I'm really the owner of the account.

And doing that for just five people is probably more time consuming than the simple string check they had to write to force passwords to be at least slightly harder to guess at random. And it's true that this alone doesn't stop bad passwords, like p455w0rd. But dumb stuff like that can also be filtered out in much less time than the support they'll have to deal with for account compromises.

_________________
https://kasumi.itch.io/indivisible

The password complexity policy I use on sites I've developed is 16+ characters with at least one letter or 8+ characters with at least one letter or digit. Longer passwords can skip the digit because they are assumed to be passphrases.

For email I run my own server, so do not have to worry that someone else can access it or whatever, as I can easily add and remove as many aliases as I want. However, I do not have a cell-phone and do not want one. For two-factor authentication, there are stuff such as OpenID; an OpenID server could implement as many factor authentication as they want to, and can be based on whatever you want to be based on.

_________________
.

I've been seeing phone requirements as a punishment, especially since when it's brought up due to "abnormal behavior". but here's the bigger issue I see:
Twitter accounts unconfirmed with any third party identity provider are able to do enough to break the rules, and cause demerits to that third party identity. You can as a malicious actor go through every valid email address you have in your files not already used for twitter and systematically cause them trouble. At this point twitter should stop pretending that cel-phones are optional.

As for the passphrase discussion:
Keeping in mind the possibility of database compromises with beefy password crackers, the entropy requirements for sufficiently secure passwords today are far above human rememberability. Therefore use a password database. If you are unable to manage an encrypted file, use paper (yes paper).

I am such moron.
I failed to see the "not my account" option in that initial email, due to the plain text version not having it.

I clicked that link and now everything's OK.