Twitter is the latest large-scale company investigating the possibility of a password hack of its user base. It recently sent an email blast to accounts that may have been compromised and automatically reset their passwords.
The social network joins a long list of companies — from LinkedIn to eHarmony to Dropbox — who have faced account hacks in recent months. Although site hacks are nothing new, it’s becoming increasingly critical to protect passwords, as incidents like this continue to rise. The same password and email login you use for one site could unlock a wealth of information on other platforms, including personal information and credit-card data.
That said, there are a few steps to take to protect your Twitter account — or any account, for that matter. First and foremost, it’s key to create a strong password that includes a variety of upper- and lowercase characters, numbers and symbols, and is also 10 characters long.
“We highly recommend that you use a unique password for each website you use; that way, if one account gets compromised, the rest are safe,” Twitter advised in a tips post on its site. “Also, please use a secure and private email address to associate with your Twitter account. If you forget your password, you’ll be able to get instructions for resetting it emailed to that address.”
It’s also important to change your password often, and make sure you never re-use passwords, even across social media sites.
“If one site is compromised, it makes it much easier for someone to try logging in (or brute-forcing) with those leaked credentials on other sites,” says Amber Gott, a spokesperson for the password security service LastPass. “It could lead to a compromise of a number of your accounts — a domino effect, if someone was trying. Anything that controls access to your personal identity such as online banking, email and social media should be protected with special care.”
Password managers such as LastPass and KeePass can be a huge help in creating long, strong passwords. These services also remember the passwords and fill them in for you. However, it’s important to pick a password manager that has secure universal access and allows you to check if you are re-using your passwords elsewhere.
Another important way to protect your account is to be cautious when giving your password to third-party apps — these services can gain full access to your account.
“There are lots of third-party programs and applications you can use with your Twitter accounts,” Twitter wrote. “These applications are built on the Twitter platform by external developers and allow you to do an array of neat things with your account. However, you should be cautious before giving up control of your account to someone else.”
To revoke access to these apps via Twitter, visit the Apps tab in account settings and click “Revoke Access” next to the application.
Although it sounds obvious, Twitter users should also be suspicious of malicious links and phishing scams that occur on the site.
“If something seems out of character from someone you follow or a tweet/DM you receive, always exercise caution about clicking links,” Gott adds. “This is especially true of sensationalist-sounding posts about celebrities because they are common fodder for phishing links and spam.”
If the message comes from someone you know, send them a message to check whether it’s legitimate, or simply ignore it.