Each year the Online Trust Alliance (OTA) analyzes the security of thousands of websites across a wide range of industry verticals. And for the third consecutive year, Twitter has been recognized at the top of this list for our security efforts.
Here are highlights of the security controls Twitter provides to protect our users.
- Always-on HTTPS
Encrypted communication between your browser and twitter.com is a must. We ensure it’s always turned on; you can tell by the “s” in the HTTPS in your URL bar (it stands for “secure”). Using it protects you from potential snooping on the data you share with twitter.com.
- TLS and cipher suite configuration
Twitter not only provides HTTPS for all communication; we also support only strong cipher suites for encrypting communication, and we support forward secrecy. You can read more in this SSL report for twitter.com.
Figure: SSL Report for twitter.com (source: Qualys SSL Labs)
- Extended Validation Certificates (EV Certs)
EV Certs help provide users with a visual clue that they are on the valid twitter.com website and not an imposter. You will notice on your browser that Twitter is highlighted in green to make this distinction, as you see below.
- Security for email from twitter.com
Since early 2013, Twitter has supported the security controls Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting and Conformance (DMARC) with a reject policy to combat phishing and fraudulent email. As a result, you can trust that email messages from twitter.com are genuine and not attackers attempting to fool users.
We’re very pleased to be recognized once again by the OTA. It’s our hope that Twitter can serve as an example for other companies looking to strengthen their security controls to protect users. The full OTA report can be found here.