Twitter Offers a New Security Feature After 330 Million Passwords Are Leaked

When more than 330 million Twitter users were affected by a system bug back in May, one of the biggest social media networks got lucky. The bug was found within the system, and it wasn't induced by outside forces. As a result, no one experienced a password leak, but the incident raised quite a few questions about Twitter's personal data information security, and how it could be enforced further.

In this blog post, we look at the key security features that are employed by Twitter to protect user accounts from potential exploitation. There are quite a few things you can do to secure your account.

Sign-up Process Improvement

According to the official blog post, the main thing Twitter is currently working on is to make it harder to register spam accounts. By doing that, they automatically raise the overall security bar because the account confirmation process becomes longer. For example, newly registered users need to confirm either their email address or their phone number before they can use their account.

Likewise, they will also check accounts for signs of automatic sign-ups. Regular users who do not use their accounts to spam Twitter would not even feel anything happening. However, do not be surprised to suddenly find the number of your followers decrease. That's how Twitter deals with fake spam accounts: they delete them for good. So there is a possibility that you may lose followers, but it's not because you've done anything wrong. Those accounts were simply fake.

User's Efforts to Secure Their Account

Two-factor Authentication

If you want to avoid a password leak or identity theft, you can also take a few measures to improve your Twitter personal information security. In the previously mentioned Twitter blog post, Yoel Roth and Del Harvey first offer users to enable two-factor authentication. We have actually covered the concept before in our blog, too. It is one of the most common methods to improve data security. By enabling multi-factor authentication, you decrease the possibility of a password leak.

Normally, it is possible to sign in to your Twitter account automatically. Mobile Twitter apps usually have all your passwords saved, and you do not even see the login page when you open the application on your mobile device. However, when you enable two-factor authentication, you will have to enter a code that gets sent to your mobile phone each time you want to access your Twitter account. While some users may find it bothersome, this type of verification will ensure that no one else but you would access your account.

App Permissions

Another thing you can do to improve your account's security is to review the third-party applications that you have approved previously. If you go to the Apps tab in the Settings menu, you can go through the applications that you have allowed to access your account for various services. It is easy to revoke your permission to any app you either do not recognize or you do not need anymore.

Third-Party Authentication

If that were not enough, you can also set a third-party multi-factor authentication to protect your account from a password leak. Twitter's Help Center says that you use a third-party app to verify your identity. This method clearly improves your Twitter personal information security, and you can choose the third-party app you want to protect you from personal data theft. Twitter suggests using such applications as Google Authenticator, Authy, Duo Mobile or anything similar to set up the verification process. The steps to set up a third-party authentication are as follows:

  1. Click your profile icon and select Settings and privacy.
  2. Go to Accounts.
  3. Click Review your login verification methods under Security.
  4. Type in your password and press Confirm.
  5. Find Mobile security app and click Set up.
  6. Click Start, enter your password, and press Verify.
  7. Follow the instructions in the pop-up window with a QR code.
  8. Scan the QR code, and you will see a 6-digit security code.
  9. Type in the code into the Security code box in the pop-up window.
  10. Press Done.

Another way to protect your account from a password leak is setting up a security key for account verification. Twitter allows users to use a FIDO Universal 2nd Factor (U2F) security key for login verification. This already steps into the hardware multi-factor authentication, as you need a USB security key (like Yubikey). If you have it, you can follow the instructions below to enhance your Twitter personal information security:

  1. Click your profile icon and select Settings and privacy.
  2. Go to Accounts.
  3. Click Review your login verification methods under Security.
  4. Type in your password and press Confirm.
  5. Find the Security key option and click Set up.
  6. Press Start, enter your password and click Verify.
  7. Plug the key into your USB port.
  8. Press the button on your key and press it again to verify the key.

Twitter Help Center also points out that Security key authentication cannot be enabled on its own. You can enable it only if you have the Text message or Mobile security app verification enabled as well.

Other Ways to Enhance Your Account Security

Some of the best ways to prevent a password leak are to employ as many security measures as possible. Sure, a multi-factor authentication offered by Twitter is already strong enough for a regular user. However, if you often use web Twitter, you might want to consider using a password manager as well. When you employ a password manager, the possibility of a password leak on your side basically disappears because you no longer have to work hard to remember them all. The application will save all of your passwords for you, and if that were not enough, it will also generate strong and unique passwords for your Twitter and other accounts regularly. Surely, you haven't forgotten that you need to change your passwords once in a while, right? If you use Cyclonis Password Manager, you can leave that headache to the app. With your sensitive data stored in the application's vault, you won't have to worry about a password leak again.

August 17, 2018

Leave a Reply