In terms of criticality, Twitter may not make your Top 10 list of services to secure. But because social media services are a part of your online identity, Twitter should be protected along with your other accounts.
Some security practices are universal, no matter what product or service you need to protect.
- Good passwords. A secure password should be 12 to 14 characters in length at least, regardless of what the service recommends as a minimum. A password of 8 to 10 characters just isn’t enough anymore. You should also use uppercase and lowercase letters, numbers, and special characters while avoiding words you might find in a dictionary. Think “passphrase” instead of “password,” and you’ll be on the right track. Never reuse a password between any two services, because if one company gets compromised, the crooks will try that same email address and password combination anywhere they can. If all of this seems impossible to manage, it is. That’s what password managers are for. LastPass, KeePass, and Bitwarden are all good password managers that can create and securely store passwords in a vault for you — and then automatically fill them in when you need to sign in somewhere. Using a password manager is one of the best things you can do to keep yourself secure online.
- Multifactor Authentication (MFA). If a bad guy gets your password from a data breach, by guessing, or by phishing it out of you, your account is theirs – unless you have multifactor authentication enabled. This security control requires a hardware token or a one-time passcode in addition to a password, and it’s another one of the best possible ways to secure any online account.
The Nuts and Bolts
Now that we’ve covered some essentials, let’s look at how you can specifically protect the Twitter platform. While logged in, click the “More” option on the right, then “Settings and privacy” to get started.
If you just got yourself a password manager and want to set a new secure password, use the “Password” option on the right. Otherwise, let’s take a look at the “Security” section and turn on MFA.
The three checkboxes on the next screen are three different ways of using MFA. The first option, receiving a text message, is the least secure and for that reason should only be used when no other options exist. We will choose the Authentication app option. On your smartphone, download Authy or Duo Security, code generator apps that allow backing up and restoring your accounts if you get a different phone.
You’ll see an enrollment screen like the one above. Using the authenticator app, scan the QR code on the screen and enter the six-digit code into the verification box. This will complete the enrollment and enable MFA for your account.
The next time you sign in to your account from a new computer or device, you will be prompted to enter a code with a screen like the one below. Enter the code from your app to complete the login process.
If you’ve had your Twitter account a long time, you may have given third parties access to your account whether you meant to or not. While we’re in the “Account” section of the settings, let’s do some housekeeping and make sure you don’t have unwelcome guests with too much access. Choose the “Apps and sessions” option to see what you’ve authorized.
If you see anything in the Apps section you don’t recognize, click on it to get some more details. This includes the name of the app, the publisher, the date and time you authorized it to access your account, and the permissions it has. When in doubt, get rid of it. You can always reauthorize it if you remember what it was for, or if a service that you use breaks.
Next, from the main settings menu choose “Privacy and safety” to open a whole list of options.
Without taking a deep dive into every option, a few you should check out are: Location information, Discoverability and contacts, and Personalization and data. Each of these areas deals with settings worth changing if you don’t want a surprising amount of information collected about you.
Finally, for the extremely privacy-conscious, the “Protect your Tweets” option at the top of this screen blocks anyone who isn’t an approved follower from seeing what you tweet. This is a good setting for a child’s account if you’re a parent or guardian.
With any online service, but especially with social media, be cautious with the information you give out in the first place. Names of children or relatives, pets, birthdays and anniversaries, and favorite sports teams or hobbies give criminals a wealth of information they can use to answer your password reset questions. Humblebrag posts about your vacation could be an invitation to burglarize or vandalize your home. Photos of your car including license plate, home exterior, or any photo with geotagged information could leak just a bit more information about yourself than you intended. Using your full name on Twitter? Why not use the first initial of your last name? Or a made-up moniker? Adding a layer of privacy to your online identity can only help keep you safe.