You should probably change your Twitter password now. The social media giant has discovered a bug that stored passwords in plain text.
Although there was no evidence that any passwords were leaked or hacked as a result of the bug, Twitter still urges its users to change their passwords as a precaution. This applies not only to the Twitter website or mobile app, but also to third-party apps like TweetDeck.
According to Twitter, the bug occurred because of an issue in the hashing process that masks passwords by replacing them with a random string of characters. The problem arose when the passwords were saved in plain text to an internal log instead of being masked through the hashing process. Twitter discovered the bug on its own and is working to ensure that similar problems don’t happen again.
Twitter didn’t say how many users were affected by the bug or how long the passwords were potentially compromised before the problem was discovered. Still, it’s a good idea to change your Twitter password just in case. As they say, prevention is better than cure.
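For readers who run their own services, here is the same class of mistake and one guard against it, as an added example that is not Twitter's code: a sign-up handler logs the raw request before the password is hashed, and a logging filter masks the password field before anything is written. The field names, the logger names and the use of PBKDF2 as the hash are assumptions made for the illustration.

```python
import hashlib, io, logging, os

SENSITIVE_KEYS = {"password", "new_password", "current_password"}  # assumed field names

def scrub(value):
    if isinstance(value, dict):
        return {k: "[REDACTED]" if k in SENSITIVE_KEYS else scrub(v)
                for k, v in value.items()}
    return value

class RedactSecrets(logging.Filter):
    """Mask sensitive fields before any handler writes the record."""
    def filter(self, record):
        args = record.args
        record.args = scrub(args) if isinstance(args, dict) else tuple(map(scrub, args or ()))
        return True

def hash_password(password):
    # PBKDF2 is a stand-in; the article does not name the hash that was used.
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def make_logger(name, redact):
    buf = io.StringIO()  # in-memory buffer standing in for the internal log
    log = logging.getLogger(name)
    log.setLevel(logging.INFO)
    log.propagate = False
    log.addHandler(logging.StreamHandler(buf))
    if redact:
        log.addFilter(RedactSecrets())
    return log, buf

def signup(log, payload):
    # Failure mode described above: the raw request is logged before hashing.
    log.info("signup request: %s", payload)
    salt, digest = hash_password(payload["password"])
    return {"username": payload["username"], "salt": salt, "hash": digest}

def demo():
    payload = {"username": "alice", "password": "correct horse battery"}  # constructed
    out = {}
    for name, redact in (("unfiltered", False), ("redacted", True)):
        log, buf = make_logger("demo." + name, redact)
        signup(log, payload)
        out[name] = buf.getvalue()
    return out

if __name__ == "__main__":
    print(demo())
```

The filter replaces only the copy of the request that goes to the log, so the handler still receives the real password for hashing.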
How to Change Your Twitter Password
Follow these steps to change your Twitter password:
- Log in to your Twitter account if you haven’t already.
- Click your profile icon on the upper right corner of your screen and then select Settings and privacy.
- Click the Password tab on the left pane.
- Enter your current password.
- Enter your new password.
- Click Save Changes.
How to Enable Two-Factor Authentication
For an extra layer of security, it’s recommended that you enable two-factor authentication for your Twitter account. Make sure that you have set your phone or mobile number for your account. To register your phone number, click your profile icon and choose Settings and privacy. Click the Mobile tab, select Country/region, enter your phone number, and click Continue. Twitter will send a verification code to your phone or mobile number. Enter the code on Twitter and your phone number will be verified.
With two-factor authentication enabled, Twitter will send a login verification code to your phone when you try to log in to your account.
- Click your profile icon and then choose Settings and privacy.
- Under Security, click Set up login verification.
- Click the Start button.
- Enter your password and click Verify.
- Click Send code.
- Enter the six-digit code that was sent to your phone or mobile number.
- Optionally, you can get a backup code that you can use in case you lose access to your device.
It would probably be a good idea to use a password manager such as LastPass or Dashlane. This will save you the time and brain power of remembering all those complicated passwords that you use for numerous online accounts.