A friendly reminder about password security

Tuesday, 19 February 2013

Over the past couple of days, there’s been a fair amount of conversation about account security on Twitter. We thought we’d take advantage of this moment to remind you of best practices around passwords – both on Twitter and on the Internet generally.

  • Use a strong password. Your password should be at least 10 characters that include upper and lower case characters, numbers, and symbols. You should always use a unique password for each website you use; that way, if one account gets compromised, the rest are safe. 
  • Watch out for suspicious links, and always make sure you’re on Twitter.com before you enter your login information. Be cautious when clicking on links in Direct Messages. Whenever you are prompted to enter your Twitter password, just take a quick look at the URL and make sure you’re actually on Twitter.com. Phishing websites will often look just like Twitter’s login page, but their URLs will actually point to destinations other than Twitter. If ever in doubt, just go directly to twitter.com in your browser.
  • Don’t give your username and password out to unknown third parties, especially those promising to get you followers or make you money. When you give your username and password to someone else, they get complete control of your account and can lock you out of your account or take actions that cause your account to be suspended. Be wary of any application that promises to make you money or get you followers. If it sounds too good to be true, it probably is! 
  • Make sure your computer and operating system are up to date with the most recent patches, upgrades, and anti-virus software. Keep your browser and operating system updated with the most current versions and patches; patches are often released to address particular security threats.

We offer more detailed advice in our Help Center.

Posted by Bob Lord (@boblord)
Director of Information Security