A lot has happened since Elon Musk took over Twitter late last year and he has been running Twitter using policy decisions that promote hate speech and harm vulnerable users – even from his personal account.
But if you’re sticking around, you need to protect your privacy and keep your Twitter account secure with these tips.
It’s even more imperative with the recently leaked data set of 235 million compromised Twitter accounts. The social media platform said that it has since fixed the vulnerability that several threat actors took advantage of.
Last month password manager LastPass shared that an unauthorized party gained access to a third-party cloud-based storage service, which LastPass uses to store archived backups of its production data.
This is why it’s important to fortify your account.
First things first, head to Twitter Account Settings.
Use a Very Strong Password
It’s 2023, please stop using dumb passwords. 123456 was the most used password with over 23.2 million accounts. 123456789 came close with 7.7 million accounts, while qwerty and password were used by over 3 million accounts each. Other passwords to avoid include 111111, 12345678, 1234567, 12345, abc123 and password1, as well as people’s names, football team names, names of bands, days of the week and months – Sunday was the most used day and August the most used month.
You can create a strong password that has a minimum of 12 characters, includes numbers, symbols, capital letters and lower-case letters, isn’t a dictionary word or combination of dictionary words, and doesn’t rely on obvious substitutions. There are several password generators online if you need help with that.
Some browsers like Chrome also handle password management, not only for current accounts but also for new ones. Chrome even has a password checker, a service that examines a user’s saved passwords to see whether they have been compromised in any way.
Another way is through the Passphrase/Diceware method. This method suggests choosing 6 or more random words and joining them together to create a passphrase which then becomes your password.
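The password rules and the Diceware method described above can be checked and applied in a few lines of Python. This is an added example, not part of the original article; the word list is a small constructed stand-in, and the function names are hypothetical.

```python
import math
import secrets
import string

# The most-used passwords named in the text above.
COMMON = {"123456", "123456789", "qwerty", "password", "111111",
          "12345678", "1234567", "12345", "abc123", "password1"}
# Constructed mini word list; a real check would load a full dictionary.
WORDS = ["sunday", "august", "dragon", "welcome", "monkey", "shadow", "orange",
         "copper", "tunnel", "violin", "pepper", "harbor", "meadow", "rocket",
         "candle", "walnut"]
# Obvious substitutions (0 for o, @ for a, ...) undone before the lookup.
UNLEET = str.maketrans("0134578@$", "oleastbas")
CLASSES = {"lower-case letter": string.ascii_lowercase,
           "capital letter": string.ascii_uppercase,
           "number": string.digits, "symbol": string.punctuation}

def password_problems(pw: str) -> list[str]:
    """Return every rule from the text that pw breaks (empty list = passes)."""
    problems = []
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in pw):
            problems.append(f"no {name}")
    # Drop trailing digits/symbols and undo substitutions, in both orders,
    # so "P@ssw0rd2023!" and "Welcom3!" both reduce to a known word.
    tail = string.digits + string.punctuation
    low = pw.lower()
    cores = {low, low.rstrip(tail).translate(UNLEET),
             low.translate(UNLEET).rstrip(tail)}
    if cores & (COMMON | set(WORDS)):
        problems.append("common password or dictionary word in disguise")
    return problems

def diceware(n: int = 6, words: list[str] = WORDS) -> tuple[str, float]:
    """Join n CSPRNG-chosen words; also return the entropy in bits."""
    if n < 6:
        raise ValueError("use 6 or more words")
    phrase = "-".join(secrets.choice(words) for _ in range(n))
    # Entropy comes from the list size: the standard 7776-word Diceware
    # list gives about 77.5 bits for 6 words; this 16-word list only 24.
    return phrase, n * math.log2(len(words))
```

Note that "P@ssw0rd2023!" satisfies the length and character-class rules and is rejected only by the substitution check, which is why that rule matters.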
Use SMS Two-Factor Authentication
Twitter offers SMS 2FA through Login verification where you add your number so that when you log in to your Twitter account, a code is sent and you use it as a token to verify your account.
Simply head to Twitter > Settings > Account > Security > Set Up Login Verification. You can tick the checkbox that requires your personal information in order to reset your password.
Save these changes when you’re done.
SMS-based 2FA isn’t the safest though. Companies such as Facebook and Twitter can use your phone number for ad targeting purposes. Also, SIM swaps can occur without your knowledge, leaving you vulnerable.
Despite this, it is the easiest to set up and is more adaptable for most users.
Use Application-Based Two-Factor Authentication
Twitter’s only form of 2FA was SMS based and it was the default one until recently when they changed that policy.
Authy even allows for multiple device support for those who frequently change devices via a cloud backup.
The desktop, Android and iOS apps let you search for tokens by name, display tokens as a list or grid view, and get greater device information so you can view and remove unused apps. You also get push authentication support for websites that have implemented it.
It’s best to install the Authy app on your phone and desktop or another device so that when the tokens are synced to the Authy Cloud, they automatically sync. This is so that when there is an attempt to install another instance of Authy, you get notified via the other app, as Authy checks the new device against an existing device it already trusts.
Once this is done, go ahead and turn off the app’s multi-device feature so that no additional apps are installed.
Most sites will suggest the Google Authenticator app for 2FA but you can easily substitute that for Authy.
2FA apps are also vulnerable, as most sites have a logic flaw vulnerability that lets you log in without knowing the current password. It works when you’re trying to change your password while in the process of logging in to the 2FA login page. Google fixed this issue. Instagram and Microsoft are still vulnerable. Read all about it here.
Simply head to Twitter > Settings > Account > Security > Review your login verification methods > Setup mobile security app – which will allow you to use a separate app to generate your verification codes.
When you click start, you’ll be given a QR code to scan with the mobile 2FA application of your choice. It’s even easier on Authy: tap the menu, then “Add New Account,” and follow the instructions. Simply scan the code and you’re done.
We suggest disabling SMS verification after you’re done to make sure you’re completely safe.
Consumers are becoming more aware of 2FA and moving beyond password-only logins.
Review apps connected to your Twitter account
Make sure you review apps that use your Twitter account to log in to their platforms. If you no longer use those apps or services, revoke their access.
Simply head to Twitter > Settings > Account > Apps.
Twitter also offers an undo revoke access button if you accidentally revoke access to an app you frequently use.
- Go private to protect your tweets so that they’re only visible to your followers. Head to Twitter > Settings > Privacy and Safety > Tick the Tweet Privacy checkbox to protect your tweets.
- Deactivate Tweet Locations by going to Twitter > Settings > Privacy and Safety > Tweet location and unticking the checkmark. You can also delete location information.
- Control who tags you in photos by going to Twitter > Settings > Privacy and Safety > Photo tagging and selecting “Do not allow anyone to tag you” or “Only allow people you follow to tag you in photos”
- Deactivate Discoverability by going to Twitter > Settings > Privacy and Safety > Discoverability and untick both checkboxes
- Disable Advertising and Data Tracking by going to Twitter > Settings > Privacy and Safety > Personalization and data. This turns off personalized ads, personalization based on the device you use, personalization based on your location, data tracking, and data sharing
- Disable DMs by going to Twitter > Settings > Privacy and Safety > Direct Messages and untick the checkbox that lets you receive direct messages from anyone
- Mute words by going to Twitter > Settings > Muted Words. Here you can add words and control where they are muted from and for how long.
- You can also mute and block accounts and they won’t know that they’ve been muted by going to Twitter > Settings > Muted accounts and Twitter > Settings > Blocked accounts respectively.
- You can mute notifications by using advanced filters. Options include turning off notifications from people you don’t follow, who don’t follow you, with a new account, who have a default profile photo, who haven’t confirmed their email and who haven’t confirmed their phone number
- Hide sensitive content by heading to Twitter > Settings > Privacy and Safety > Safety and ticking the checkbox Hide sensitive content to prevent tweets with potentially sensitive content from displaying in your search results. This also makes sure that no blocked or muted accounts show up in your search results
- Enable the Quality Filter by heading to Twitter > Settings > Notifications and ticking the Quality Filter button. This prevents you from seeing “lower-quality content” that includes duplicate tweets or content that appears automated in your notifications and other parts of Twitter
- Report abusive accounts to Twitter for them to act on said accounts. This can be done from their profile or tweet by just using the drop-down menu and selecting “Report tweet” to inform Twitter why you find this content to be offensive and/or abusive.
Enabling these security protections will ensure your Twitter account is safe, make it difficult for hackers to gain access to your account, and make your experience on Twitter worthwhile.