Twitter wasn’t hacked, but it still really wants you to change your password.
On Thursday, the company announced it had found and fixed a “bug” that stored user passwords internally without adequate security.
Twitter played down the incident and said there’s no evidence any passwords were used for nefarious purposes. But it appears to be showing all of its 336 million users a pop-up window prompting them to change their passwords.
It’s a good idea. Here’s how to do it.
Change your Twitter password
Twitter is making it easy to get started. The company is showing users a notification that links directly to its password reset page. You can also get there by going to Settings and Privacy -> Change Password on Twitter’s website, or Settings and Privacy -> Account -> Change Password on the mobile app. You will need to enter your existing password, then a new password twice.
If you really enjoy cheese, perhaps your Twitter password was “ilovecheese.” You should change the password to a new, entirely unique password that is not related to cheese. Try a combination of four or more unrelated words instead of a common phrase. Drop in some number, characters, and a mixture of upper and lower case letters.
Get a password manager
Since the best passwords should be hard to remember, consider using a password manager like 1Password or Lastpass. Password managers are applications that can generate long, unique passwords for every service you use, and remember them all so you don’t have to.
Turn on two-factor authentication
Two-factor authentication is a setting offered on most major services, including social media, email, and financial accounts. Turning it on means even if someone does have your password, they can’t access your accounts without a second piece of information, like a code texted to your phone.
Twitter calls this setting “login verification.” It’s under Account -> Security in your Twitter settings. Select “Verify login requests” and you will have to enter a second piece of information each time you login. Twitter will send a code to your phone over SMS or to an authenticator app.
Change your other passwords too
Tired of the endless partisan bickering and memes, you stopped posting to Twitter in 2016 and took up knitting. Congratulations on your life choices! But you might still need to change some passwords.
If you used the same password on any other services like Facebook or your bank account, you should change those passwords immediately as well. Update them even if you use slight variations that could be easily figured out, such as “ilovecheddar” or “ilovemunster.”
Make sure each new password is also unique or you will have to go through this process again the next time there is a password issue at one of the services you use. (There will always be a next time.)