It’s 2020. A new decade. A new year. Protecting your social media accounts is becoming just as important as securing your online shopping and bank accounts. When malicious people get access to your social media accounts, it can have a devastating effect on your reputation, in your personal or professional life, as seen with Mariah Carey, whose Twitter account got hacked on New Year’s Eve, and Twitter CEO Jack Dorsey last year.
I take a freaking nap and this happens?
— Mariah Carey (@MariahCarey) January 1, 2020
First things first, head to Twitter Account Settings.
Use a Strong Password
It’s time to stop using dumb passwords. 123456 was the most used password, with over 23.2 million accounts. 123456789 came close with 7.7 million accounts, while qwerty and password were each used by over 3 million accounts. Other passwords to avoid include 111111, 12345678, 1234567, 12345, abc123 and password1, as well as people’s names, football team names, names of bands, and days of the week and months too: Sunday was the most used day and August the most used month.
*Changes password to Sum41*
— Matt Fernandez (@FattMernandez) April 22, 2019
A strong password has a minimum of 12 characters; includes numbers, symbols, capital letters and lower-case letters; isn’t a dictionary word or a combination of dictionary words; and doesn’t rely on obvious substitutions.
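The rules above, together with the most-used list, written as a check (an added example, not part of the original article). The `WORDS` set is a small constructed stand-in for a real dictionary, and the substitution table and function names are assumptions made for illustration.

```python
import re

# Most-used passwords named in the article.
COMMON = {"123456", "123456789", "qwerty", "password", "111111",
          "12345678", "1234567", "12345", "abc123", "password1"}
# Constructed stand-in for a real dictionary (days, months, sample words).
WORDS = {"sunday", "monday", "friday", "august", "march", "password",
         "dragon", "monkey", "arsenal", "summer", "letmein"}
# Obvious substitutions, undone before the dictionary check (0->o, 1->i, ...).
LEET = str.maketrans("013457@$", "oieastas")
CLASSES = {"lower-case letter": r"[a-z]", "capital letter": r"[A-Z]",
           "number": r"[0-9]", "symbol": r"[^A-Za-z0-9]"}

def normalise(password):
    """Lower-case, drop trailing digits/symbols, undo obvious substitutions."""
    core = re.sub(r"[^a-z]+$", "", password.lower())
    return re.sub(r"[^a-z]", "", core.translate(LEET))

def is_word_combination(text, words=WORDS):
    """True if text splits completely into dictionary words."""
    reachable = [True] + [False] * len(text)
    for end in range(1, len(text) + 1):
        reachable[end] = any(reachable[start] and text[start:end] in words
                             for start in range(end))
    return bool(text) and reachable[-1]

def check_password(password):
    """Return the list of rules from the article that the password breaks."""
    problems = []
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, password):
            problems.append(f"no {name}")
    if password.lower() in COMMON:
        problems.append("on the most-used list")
    if is_word_combination(normalise(password)):
        problems.append("dictionary word(s), possibly with substitutions")
    return problems
```

A password such as `Dr4g0n$umm3r!2020` passes every length and character-class rule and is still flagged, because it reduces to two dictionary words once the substitutions are undone.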
This has been made easier by free password generators on the internet such as strongpasswordgenerator.com and passwordgenerator.net. What I usually do is, after they have generated one for me, I go ahead and modify it to make it easy to remember.
Password managers also create strong passwords for you. LastPass has a tool for that and you don’t have to create an account with them. Dashlane does too, although you’ll have to create an account with them.
These tools will not only create a strong password for you, but they can also manage the passwords for you for different accounts so that you don’t have to use the same password for your other accounts.
Some browsers, like Chrome, also handle password management, not only for current accounts but also for new ones. Chrome even has a password checker, a service that examines a user’s saved passwords to see whether they have been compromised in any way.
Another way is through the Passphrase/Diceware method. This method suggests choosing 6 or more random words and joining them together to create a passphrase which then becomes your password.
Here’s XKCD comic.
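A sketch of the Diceware procedure (an added example, not part of the original article): each word is picked by dice rolls drawn from the operating system's secure random source. The 36-word list is constructed for illustration and is keyed by two rolls; a full Diceware list works the same way with five rolls and 7776 words. Function names are assumptions.

```python
import math
import secrets

# Constructed miniature list: 36 words keyed by two dice rolls ("11".."66").
MINI_LIST = """anvil badge cabin dance eagle fable gecko habit icing jelly kayak ladle
maple nacho oasis panda quilt radar salad table ulcer vapor wafer xenon
yacht zebra acorn bison cedar daisy elbow ferry grape hazel ivory joker""".split()
KEYS = [f"{a}{b}" for a in "123456" for b in "123456"]
WORDLIST = dict(zip(KEYS, MINI_LIST))

def roll_key(dice):
    """Roll `dice` fair six-sided dice with a CSPRNG, e.g. '46'."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(dice))

def passphrase(n_words=6, wordlist=WORDLIST):
    """Pick n_words by dice roll; refuse a list that does not cover every roll."""
    dice = len(next(iter(wordlist)))
    if len(wordlist) != 6 ** dice:
        raise ValueError("wordlist must have one word per possible roll")
    return " ".join(wordlist[roll_key(dice)] for _ in range(n_words))

def entropy_bits(n_items, pool_size):
    """Strength of n independent uniform picks from a pool of pool_size."""
    return n_items * math.log2(pool_size)

if __name__ == "__main__":
    print(passphrase())                           # tiny demo list: weak on purpose
    print(round(entropy_bits(6, 7776), 1))        # six words, full Diceware list
    print(round(entropy_bits(12, 94), 1))         # 12 random printable characters
```

The strength comes from the number of words and the size of the list, not from the length of the words, which is why six words from a 7776-word list are comparable to a 12-character fully random password.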
Use SMS Two-Factor Authentication
Simply head to Twitter > Settings > Account > Security > Set Up Login Verification. You can tick the checkbox that requires your personal information in order to reset your password.
Save these changes when you’re done.
SMS-based 2FA isn’t the safest, though. Companies such as Facebook and Twitter can use your phone number for ad-targeting purposes. Also, SIM swaps can occur without your knowledge, leaving you vulnerable.
Despite this, it is the easiest to set up and is more adaptable for most users.
Use Application-Based Two Factor Authentication
Twitter’s only form of 2FA was SMS based and it was the default one until recently when they changed that policy.
Authy even allows for multiple device support for those who frequently change devices via a cloud backup.
The desktop, Android and iOS apps let you search for tokens by name, display tokens as a list or grid view, and see greater device information so you can view and remove unused apps. You also get push authentication support for websites that have implemented it.
It’s best to install the Authy app on your phone and on your desktop or another device so that when the tokens are synced to the Authy Cloud, they automatically sync. This is so that when an attempt is made to install another instance of Authy, you get notified via the other app, as Authy checks the new device against an existing device they already trust.
Once this is done, go ahead and turn off the app’s multi-device feature so that no additional apps are installed.
Most sites will suggest Google Authenticator app for 2FA but you can easily substitute that for Authy.
2FA apps are also vulnerable, as most sites have a logic-flaw vulnerability that lets you log in without knowing the current password. It works when you try to change your password while in the process of logging in on the 2FA login page. Google fixed this issue. Instagram and Microsoft are still vulnerable. Read all about it here.
Simply head to Twitter > Settings > Account > Security > Review your login verification methods > Setup mobile security app – which will allow you to use a separate app to generate your verification codes.
When you click start, you’ll be given a QR code to scan with the mobile 2FA application of your choice. It’s even easier on Authy: tap the menu, then “Add New Account,” and follow the instructions. Simply scan the code and you’re done.
We suggest disabling SMS verification after you’re done to make sure you’re completely safe.
Consumers are becoming more aware of 2FA and moving beyond password-only logins as there’s been a 538% increase in users enabling 2FA from 2015 to 2017.
Review apps connected to your Twitter account
Make sure you review apps that use your Twitter account to log in to their platforms. If you no longer use those apps or services, revoke their access.
Simply head to Twitter > Settings > Account > Apps or click here.
Twitter also offers an undo revoke access button if you accidentally revoke access to an app you frequently use.
- Go private to protect your tweets so that they’re only visible to your followers. Head to Twitter > Settings > Privacy and Safety > Tick the Tweet Privacy checkbox to protect your tweets or click here.
- Deactivate Tweet Locations by going to Twitter > Settings > Privacy and Safety > Tweet location here and untick the checkmark. You can also delete location information.
- Control who tags you in photos by going to Twitter > Settings > Privacy and Safety > Photo tagging and selecting “Do not allow anyone to tag you” or “Only allow people you follow to tag you in photos”
- Deactivate Discoverability by going to Twitter > Settings > Privacy and Safety > Discoverability and untick both checkboxes
- Disable Advertising and Data Tracking by going to Twitter > Settings > Privacy and Safety > Personalization and data. This turns off personalized ads, personalization based on the device you use, personalization based on your location, data tracking, and data sharing
- Disable DMs by going to Twitter > Settings > Privacy and Safety > Direct Messages and untick the checkbox that lets you receive direct messages from anyone
- Mute words by going to Twitter > Settings > Muted Words. Here you can add words and control where they are muted from and for how long.
- You can also mute and block accounts and they won’t know that they’ve been muted by going to Twitter > Settings > Muted accounts and Twitter > Settings > Blocked accounts respectively.
- Hide sensitive content by heading to Twitter > Settings > Privacy and Safety > Safety and tick the checkbox Hide sensitive content to prevent tweets with potentially sensitive content from displaying in your search results. This also makes sure that no blocked or muted accounts show up in your search results
- Enable the Quality Filter by heading to Twitter > Settings > Notifications and ticking the Quality Filter button. This prevents you from seeing “lower-quality content” that includes duplicate tweets or content that appears automated in your notifications and other parts of Twitter
- Report abusive accounts to Twitter for them to act on said accounts. This can be done from their profile or tweet by using the drop-down menu and selecting “Report tweet” to inform Twitter why you find this content to be offensive and/or abusive.
Enabling these security protections will ensure your Twitter account is safe and make it difficult for hackers to gain access to your account, while also making your experience on Twitter worthwhile.