Last week’s news that the passwords of every Twitter user around the world had been exposed in plain text is a stark reminder of the sometimes-fragile nature of security in the online places we trust with our personal information.
In this latest example, Twitter says it was a technical error that led to the exposure of the passwords of the social network’s 330 million users. Twitter also says it’s fixed the bug and has no evidence that anyone’s accounts have been breached or misused.
While the error led to exposure only within Twitter’s internal systems, the social network has urged everyone to change their passwords anyway.
“Out of an abundance of caution, we ask that you consider changing your password on all services where you’ve used this password. You can change your Twitter password anytime by going to the password settings page.”
It’s sound advice, and it’s a step we have taken at the Internet Society with our own social media channels.
Yet, you may wonder what the point is in changing your password if a mistake like this can happen. If it happened once, surely it can happen again.
Yes, it could, there’s no doubt. We have compelling examples of the consequences of mistakes or events that lead to security breaches, ranging from the scandalous Facebook/Cambridge Analytica data misuse saga that emerged in early April (and is still ongoing) to the commendable response by Nest that highlights best practices every organization should follow.
As a user of a social network like Twitter, there are steps you can take that will provide at least a base level of security for your peace of mind.
It’s about minimizing your risk – even if an event occurs that’s completely outside your control.
In the aftermath of the Twitter security breach, the focus has been on your password. Indeed, you should change it right away, especially if you still have the same password you’ve been using for years or one that you use in multiple places online. Talk about risk!
That’s only half of the issue, though. Changing your password won’t be of much help if the same thing happens again.
So in addition to creating a secure, unique password for your Twitter account (and each of your other social networks), you should also establish two-factor authentication on that account, a procedure Twitter calls login verification.
It means that every time you log in to your account and enter your new secure and unique password, you will take one additional security step: entering a unique one-time-use numerical code that you either receive in a text message from Twitter on your mobile phone or generate with an authenticator app you’ve installed on your mobile phone.
What! you may exclaim. Way too fussy and complicated! I just want to tweet!
Indeed, but think of it this way. In the event of a situation like the Twitter breach – or worse, a full-on cyberattack on a social network that grabs even some login credentials including passwords – the bad guys won’t be able to get into your account, even if they try to log in with your password, because they won’t receive the text message and can’t generate a code without access to your mobile phone.
So, if you haven’t taken these steps yet, please do it now:
- Change your password on Twitter. Here’s how to start (Twitter calls it ‘reset’). Do the same on any other service where you may have used the same password.
- Use a strong password (at least 8 characters, although 12 or more is better) that you don’t reuse on other websites. Using a password generator app will make this task less of a chore. You may want to consider a password manager app as well.
- Enable login verification, also known as two-factor authentication. This is the single best action you can take to increase your account security.
Until our tech is as safe and secure as we wish it would be, self-help steps like these give you the power to minimize your risk.
Want to learn more about how you can be secure online? Read The Lazy Person’s Guide to Better Online Privacy.