How to better secure your Twitter account

Graham CLULEY

May 13, 2014

Have you ever had your Twitter account hacked? Did you find it unexpectedly spewing out claims that you had lost weight following a miracle diet, malicious links to phishing sites, or even over-run by mischievous hackers like the Syrian Electronic Army?

If so, it’s time to learn about how to better secure your Twitter account.

Here’s my quick guide:

1. Choose an impossible-to-guess, hard-to-crack password. Too many people use obvious passwords like “123456”, “twitter” or even “password”. Stop it, right now. You’re being dumb.

Online criminals have databases of thousands of the world’s most popular passwords and huge dictionaries which they can use to try to crack your password and force their way into your account. You’re much better off having a password like s%pHna9fy4DVdq%fVAj8SdD@6T* than “albatross”, or even “albatro55”.

Equally, don’t have a password that is easy to guess. Never base your password upon the name of your favourite TV show, football team, pet goldfish – or someone might find it all too easy to gain access to your account.
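The difference between “albatross”, “albatro55” and a random string can be checked mechanically. The following is an added example, not part of the original article: the tiny word list and the substitution table are constructed stand-ins for the far larger dictionaries described above.

```python
import math
import secrets
import string

# Constructed stand-in for a dictionary of popular passwords.
COMMON = {"123456", "password", "twitter", "albatross", "qwerty", "letmein"}

# Character swaps that dictionary-based guessing undoes automatically.
LEET = str.maketrans("0134578@$", "oieastbas")
TRAILING = string.digits + string.punctuation
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def candidates(pw):
    """Return the forms of pw that a dictionary check would also try."""
    low = pw.lower()
    stripped = low.rstrip(TRAILING)  # drop suffixes such as "1!" or "2014"
    return {low, stripped, low.translate(LEET), stripped.translate(LEET)}


def is_guessable(pw):
    """True if any normalised form of pw appears in the dictionary."""
    return bool(candidates(pw) & COMMON)


def generate_password(length=24):
    """Build a password from a cryptographically secure random source."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def random_bits(length):
    """Entropy in bits of a uniformly random password of this length."""
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    for pw in ["albatross", "albatro55", "Password1!",
               "s%pHna9fy4DVdq%fVAj8SdD@6T*"]:
        # "not in dictionary" only means this small sample list missed it.
        print(pw, "->", "guessable" if is_guessable(pw) else "not in dictionary")
    print(generate_password(), round(random_bits(24)), "bits")
```

Swapping “ss” for “55” or appending “1!” does not take a word out of the dictionary, which is why the randomly generated form is the one to use.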

2. Don’t use that same password anywhere else on the net. Well done. You’ve created a really strong password. Now don’t make the mistake of re-using that password anywhere else.

The problem is that if one website gets hacked and its passwords are exposed then those very same passwords could be used against *other* websites. Before you know it, a successful hack at website A has resulted in your accounts at websites X, Y and Z also being compromised.

And if you find your webmail account is one of the victims, that could lead to all kinds of future problems as hackers trawl through your private communications.

So, you need lots of different passwords.

3. Use a password manager to remember all your passwords. So you’ve created many, many impossible-to-guess, hard-to-crack passwords. Well done.

The only challenge now is remembering them all. Of course, it’s impossible.

I have almost 1000 different passwords, and I have no magic trick for remembering them.

Instead, use password management software like Bitdefender Wallet, LastPass, 1Password, and KeePass, which store your credentials in a secure, encrypted location – locked with a master password.

Password management software means you only have to remember *one* password (make sure it’s a good one that’s hard to crack!)

4. Enable two-factor authentication on Twitter. What Twitter calls “login verification”, the rest of the world calls “two-factor authentication” (or “2FA” for short).

You can sign up for login verification and approve login requests directly from Twitter’s iOS or Android app, or use SMS-based login verification instead if you prefer.

Login verification can be enabled through the Settings section of your Twitter account. Here’s a video that Twitter produced showing how it works:

5. Twitter is looking out for suspicious logins. Twitter isn’t leaving the protection of your account entirely up to you, you’ll be pleased to hear.

Last week, it announced that it was introducing a new security feature to better identify suspicious logins.

In a nutshell, if Twitter thinks it has spotted a suspicious login to your account (maybe because of the device being used, or where in the world you are) it will ask you to answer a “simple question about your account” in an attempt to verify you are who you say you are.

This might be a request for you to confirm your mobile phone number for instance.

6. So you think only *you* have access to your Twitter account, eh? You might be surprised. Many people have given third-party apps access to their Twitter accounts. In many cases these are innocent apps designed to help you co-ordinate your social media activity, but it’s also possible for rogue apps to trick you into granting them access so they can do their dirty work.

To run a tight ship, review what apps you have allowed to access your Twitter account, and revoke any that you feel unsure about. Visit Settings / Apps on Twitter to review what apps have access to your account, and remove any that you don’t recognise or no longer require.

7. Be careful what you click on. You have the ultimate choice over what you click on, and what you choose to ignore.

Hackers, scammers and online criminals might attempt to trick you into clicking on a dangerous link. Phishers love to spread malicious links which could take you to a fraudulent website designed to steal your password.

Always take great care whenever a website asks you to enter your Twitter username and password – remember, the only place you should ever enter that is on the real Twitter.com!
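Checking that a link really points at Twitter.com means comparing the parsed host name, not looking for the word “twitter” somewhere in the address. The following is an added example, not part of the original article: it assumes that only twitter.com and its subdomains over HTTPS count as genuine, and the `.example` links are constructed samples.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only genuine domain is twitter.com.
REAL_DOMAIN = "twitter.com"


def is_real_twitter(url):
    """True only for an https URL whose host is twitter.com or a subdomain."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        # A malformed address is treated as untrusted.
        return False
    if parts.scheme != "https":
        return False
    # Exact match or a true subdomain; a leading dot is required so that
    # "nottwitter.com" does not pass.
    return host == REAL_DOMAIN or host.endswith("." + REAL_DOMAIN)


# Constructed sample links showing the usual lookalike patterns.
SAMPLES = [
    "https://twitter.com/login",                # genuine
    "https://mobile.twitter.com/session/new",   # genuine subdomain
    "http://twitter.com/login",                 # no HTTPS
    "https://twitter.com.login.example/",       # real name used as a prefix
    "https://twitter.com@login.example/",       # real name in the user part
    "https://nottwitter.com/login",             # name embedded in another domain
]


def classify(urls):
    """Map each URL to True (genuine) or False (do not enter a password)."""
    return {u: is_real_twitter(u) for u in urls}


if __name__ == "__main__":
    for url, ok in classify(SAMPLES).items():
        print("OK  " if ok else "STOP", url)
```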

8. Stay secure.
Finally, it’s down to this. Keep your computer updated with the latest security patches and good anti-virus software, as this will help prevent spyware infecting your system and snooping on your password as you type it in.

Author


Graham CLULEY

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.
