Twitter password security bug underlines need for industry change