Keep your Twitter account secure

Here are 5 things you need to know about protecting your Twitter account and keeping it safe from being compromised or hacked.

• Twitter will only contact you in-app or via an email sent from an @twitter.com email address. We will never ask you to provide your password via email, Direct Message, or reply. We will never ask you to download something or sign in to a non-Twitter.com website. We will not contact you via other social channels e.g. WhatsApp. Never open an attachment or install any software from an email that claims to be from us; it's not!
• Turn on Login Verification and Password Reset Verifications Enabling login verification or 2 Factor Authentication (2FA) will ensure that a One Time Password (OTP) is sent to your mobile, providing an additional layer of security for your account. Only people who have access to both your password and your mobile phone (or a security key) will be able to log in to your account. More information can be found here. Password Reset Verification means that you will be prompted to enter either your email address and/or phone number to send a reset password link or confirmation code if you ever forget it.

• Don’t click suspicious or unknown links. If someone sends you a link on Twitter that looks suspicious or unknown - even if it’s from someone that you know - don’t click on it. The other Twitter user’s account could be compromised and it’s important that you don’t click the link and compromise your own account. If you click on a link and find yourself unexpectedly on a page that resembles the Twitter login page, do not enter your username and password. Instead, go to twitter.com and log in directly from the Twitter homepage.
• Don’t ignore emails sent to you from @twitter.com. We will occasionally send you emails regarding your account security and it’s very important that you read them. For example, when you log in to your Twitter account from a new device for the first time, we will send you a notification via email as an extra layer of security for your account. Any time the email address associated with your Twitter account is changed, we will send an email notification to the previously-used email address on your account. In the event your account is compromised, these alerts will help you take steps to regain control of your account.
• Use a strong password that you don’t use on other websites. Your password should be at least 10 characters long and use a mix of uppercase, lowercase, numbers, and symbols. Use passphrases, not passwords. Do not use common dictionary words or phrases - these are predictable and easy to compromise. Be creative and thoughtful with your password choice - it adds an extra layer of security to your account from the start.

If you’re concerned your account may have been compromised, you can find more information here about the steps you can take to help secure your account. To request a password reset or contact our Support team, find out more here. You can also contact @TwitterSupport via Direct Message. For more information on account security, visit the Twitter Help Centre.