Twitter is one of the more popular social media sites. It is also a prime candidate for having an account compromised. As with any social media site or website, there are several things that can be done to make your account a less appealing target and encourage the would-be attacker to move on to another, less prepared account.
1. Use a Strong Password
For those that aren’t familiar with this term, a Strong Password is one that contains (where permitted by the website or service) a combination of lowercase letters, uppercase letters, numbers, punctuation or other special characters. The longer the password is, the longer it will take for someone to guess or hack your password. This is an area where I am probably as guilty as everyone else is on this. I have a “favorite” password or two that I liked to use in the past. This kept me from having to have a way to keep track of all the passwords that I used on different websites. With more websites adding additional layers of security such as challenge questions, etc., I have had to start using a password manager app to help keep track of the different passwords, the challenge questions and answers used on a particular website, the recovery procedure if I am locked out of a website, what additional login procedures I have used for that site, etc.
I use a password manager app called mSecure. It is a multi-platform (i.e. Windows, Mac, Android, iPhone, etc.) app so that you have close to the same interface regardless of how you are using it. It also has several different ways to synchronize the password database so that you should also have the same version of the login information on each of your devices that you use it on. There are a variety of apps to choose from in this area, so look for the one that best works for you.
2. Use a Unique Password
This one will be a bit of a pain, but the time taken to do this will pay off in the long run. Look at it this way: if one of your logins on a particular site is compromised or hacked, you have taken a step to minimize the potential for additional website logins to be breached as well. Most password manager apps have the functionality of helping you generate a unique password. There are other apps that do this as well. A search of the app store for your phone or the internet for your laptop/desktop should show you some options to look at.
Different websites have different rules for how you can make your password strong. Some will let you use “special” characters such as * or +; others won’t let you use those characters but will make sure that you don’t use a password that can be looked up as a dictionary word. Some will not allow the same character or number to be used repeatedly. Remember, the more unique a password is, the more difficult it is for someone to hack your account.
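To show what a password manager's generator does with rules like these, here is an added example (not from the original post, and not mSecure's or Twitter's code). The SitePolicy fields and default symbol set are assumptions, and "no repeated character" is read here as no identical adjacent characters.

```python
import math
import secrets
import string
from dataclasses import dataclass


@dataclass(frozen=True)
class SitePolicy:
    """Hypothetical per-site password rules (constructed for this example)."""
    length: int = 20
    symbols: str = "*+!#%-_"      # empty string = site rejects special characters
    allow_repeats: bool = True    # False = no identical adjacent characters


def _classes(policy):
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits]
    if policy.symbols:
        classes.append(policy.symbols)
    return classes


def meets_policy(password, policy):
    """True if the password has the right length, alphabet, mix and repeat rule."""
    classes = _classes(policy)
    alphabet = set("".join(classes))
    return (
        len(password) == policy.length
        and set(password) <= alphabet
        and all(any(ch in cls for ch in password) for cls in classes)
        and (policy.allow_repeats
             or all(a != b for a, b in zip(password, password[1:])))
    )


def generate_password(policy):
    """Draw from the OS CSPRNG and retry until the site's rules are satisfied."""
    if policy.length < len(_classes(policy)):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(_classes(policy))
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(policy.length))
        if meets_policy(candidate, policy):
            return candidate


def entropy_bits(policy):
    """Upper bound on guessing entropy: length * log2(alphabet size)."""
    return policy.length * math.log2(len("".join(_classes(policy))))
```

Calling generate_password once per site, with that site's policy, gives each login its own password; entropy_bits shows how much a site that bans special characters costs you, which extra length can make up for.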
3. Enabling Two Factor Authentication
The only 2 factor authentication supported by Twitter is an SMS message giving you the 6 digit code to use to authenticate your login. While you can give your cell phone as the recipient of the messages, another option is to establish a Google Voice number as the receiver of the SMS messages. Doing so allows you to redirect where the SMS message goes so that you always have a backup way of getting the code.
If you are going to create a Twitter account from scratch, this can be done automatically as a part of creating your account. If you skip that step or want to add it to an existing account, click on the Profile and settings icon (this can be your picture if you have one on the account). Go down the list of options and click on Settings.
If you didn’t give your mobile number during the account creation process, you will need to enter that into the account settings first before you will be able to enable two factor authentication. Click on the Mobile menu option. Enter your smart phone number into the indicated field on the screen. Click on the Continue button. You should get a text message with a 6 digit number momentarily. Enter that number in the screen asking for verification. Your phone should now show as activated.
The next step is to click on the Security and Privacy menu option. Look for the Login Verification section. You have the choice of having an SMS message sent as a part of the verification or having the authentication request sent to the Twitter app on your smartphone. Even though you have just had to verify a 6 digit code when setting up the phone on the account, you will be asked to verify that you received a message. After that, you will be asked to enter your password, after which the current configuration will be saved.
4. Add an additional step before a password reset can be requested
There is another option in this area that it would be a good idea to enable. Check the box beside Require Personal Information to reset my password. If you do request a password reset, you will be asked to enter the phone number that you have associated with this account before the password process can be done. Click on the Save Changes button to save these changes.
If you have other apps that you are accessing your Twitter account with, such as IFTTT, this may affect your decision on being able to implement two factor authentication (i.e. 2FA). Some sites that offer 2FA also offer what is called an application password system, where the site generates a very unique, very long password that it recognizes and that allows that login process to not go through the 2FA process. Twitter doesn’t have that option at this point, only a “temporary” password option that expires in one hour. If you have “recipes” on IFTTT that involve Twitter, you may only be able to go as far as a strong password until Twitter makes a change to their two factor implementation.
For other posts in this series, please use this link – http://www.ronnutter.com/category/social-media/