Change Your Twitter Password Immediately – Yes, Yours Too

Written by
Published on May 4, 2018

Happy World Password Day. In some spectacular timing, Twitter’s 336 million users are being cautioned to change their Twitter passwords immediately, following an embarrassing revelation of an error in how password data is stored by the company. Yes, it’s a pain, but this means you, too, need to change your Twitter password straight away.

It’s important to understand that no Twitter accounts are thought to be at immediate risk, and there hasn’t been a reported data breach. However, Twitter’s warning has particularly important ramifications for anyone (this author included) who’s guilty of re-using the same password on more than one account.

We explain what you need to know about the Twitter password fiasco, plus how you can quickly secure your account.

Related – How to Make Sure Your Password is Actually Protecting You

Twitter Password Warning

Twitter Password Bug Explained

Companies are under more pressure than ever to store sensitive personal data in a secure, watertight fashion. The penalties for an avoidable data breach are harsh – as well as losing customer trust, there are hefty financial fines for global companies under the imminent European General Data Protection Regulation (GDPR).

Twitter stores its user passwords under a safe cryptographic hashing system. They’re hidden from prying eyes and can’t be accessed. But there’s a problem: Twitter identified a bug in its system that meant all user passwords were also being recorded as a plaintext file, stored on its servers.

That’s beyond bad – ever been told not to write all your passwords down somewhere in a document, in case somebody else comes across it? Turns out, Twitter has inadvertently done this on a colossal scale.

Again, no one has accessed or stolen this log of password data, and nor has the information been leaked in any way. But Twitter is rightly taking the matter seriously, and cautioning customers via alerts on its services, plus an official Twitter blog post to change their passwords immediately:

“Out of an abundance of caution, we ask that you consider changing your password on all services where you’ve used this password.”

How to Change Your Twitter Password

Changing your Twitter password is a simple enough process, so don’t delay.

On a desktop, open your Twitter account, then click Profile and Settings (your account icon, top-right, by the search bar) then Settings and Privacy.

Select Password from the left-hand menu, then enter your current password before creating a new one.

How to change your Twitter Password

The process is broadly similar in the mobile app version of Twitter. Tap your Account icon then Settings and Privacy.

Next, tap Account > Login and Security > Change Password.

Change Your Twitter Password in the App

How to Create a Secure Password

So, you’ve made it as far as changing your Twitter password – that’s a good start. But how do you make sure that your new one is secure?

The theory behind the perfect password keeps on evolving. The good news is that the general consensus is no longer that you need to create a convoluted mess of upper and lower case characters, symbols and numbers. Instead, stick to a few core password security mantras:

  • DO use unique passwords for every service you use. Otherwise, if one is ever breached, and you re-use that password and email address combination elsewhere, you’re at serious risk.
  • DO create a long password. The most secure type is a long combination of words put together as one phrase – for instance, “iwishihadabetterpassword”. Don’t use that example, though!
  • DON’T pick one of the “classics”. They’re not smart, they can be guessed, and the days of “12345”, “passwd”, “mypassword” and “qwerty” need to be consigned to history, fast.
  • DON’T delay, particularly in the case of the Twitter password issue. Change your password for this service straight away, and have a good hard think about how many other accounts you may have used this same password on.
  • DO consider a Password Manager. They’re easier to use than you may assume, and the likes of DashLane and LastPass can safely generate unique and secure passwords for all of the sites and services you use. Best of all? They’ll remember all your passwords, so you won’t have to.

For more, see our guide on how to create a secure password to protect your accounts.

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at contact@tech.co

Tags
Written by:
Richard Parris is the Managing Editor of Tech.co. He has over a decade's experience writing about tech, covering everything from the latest product reviews to online privacy and security. Before joining Tech.co, Richard previously worked as the editor of the UK's largest technology magazine and its associated website.
Explore More See all news
  • How To Delete Your Telegram Account

    This step-by-step guide will take you through how to delete...

    Aaron Drapkin -
  • Six Common Venmo Scams and How to Avoid Them

    This guide breaks down how to identify Venmo scams and...

    Aaron Drapkin -
  • Signal Takes On Zoom and Meet With Video Call Updates

    With Signal's new tools, joining group calls can be as easy...

    Katie Scott -
  • D-Link Won’t Update These Vulnerable Devices – Check Yours Now

    D-Link is recommending that customers retire some of its...

    Katie Scott -
Back to top
close Thinking about your online privacy? NordVPN is Tech.co's top-rated VPN service See Deals