Twitter Wants You to Change Your Password ASAP. Here's What You Should Really Do
Another day, another online security scandal — it now just seems like a natural part of life in 2018. But this time, you really need to take immediate action.
Twitter's chief technology officer, Parag Agrawal, revealed in a Thursday blog post that a bug in its system caused people's passwords to be kept unmasked in an internal log. And though the social media company swears it has "no reason to believe password information ever left Twitter’s systems or was misused by anyone," it's recommending that all 336 million users change their passwords immediately.
But here's the kicker: Twitter isn't just saying you should update your password on Twitter. It's suggesting you also change your password on all sites where you used your Twitter password.
Spare us the theatrics of protesting that you don't reuse log-in information. It's a bad habit, but we're almost all guilty. According to a 2017 survey from password manager Keeper, more than 80 percent of people over 18 admit to having the same password for more than one account.
So, yeah, this isn't a problem you can afford to ignore.
As soon as possible, you should to go Twitter.com and mouse over to your avatar in the upper right hand corner. Click it, navigate to "Settings and privacy" on the drop-down menu, and click "Password" on the left. Then change your information. Make sure you pick a good password — one that's hard to guess, longer than eight characters, relatively random, has upper and lowercase letters, and contains numbers and symbols, according to USA Today.
Now, repeat this process on the other sites where you used your old Twitter password. This should be obvious, but don't reuse the new password you just created — invent a new one entirely, or at least throw in a variation.
If you want to take your security to the next level — and you probably should — you may want to look into enabling two-factor authentication for your sensitive accounts. Also called two-step authentication, it is what is sounds like: A system that uses multiple methods, like texting you a log-in code, to confirm your identity before allowing you access to your account.
Perhaps the best way to protect your info, though, is to start relying on a password manager. It's a type of software that generates ultra-secure passwords and keeps track of them for you in one safe place. The Verge says the best brands are LastPass, Dashlane and 1Password, all of which you can try for free. Once you find one you like, you can upgrade to a paid subscription. Those will run you less than $5 a month, which is a a small price to pay for privacy.
Then all you have to do is make sure your password manager password is really good. Ah, the circle of (modern) life.